manualshive.com logo in svg

Edge-Core WA6202A, Руководство пользователя

Edge-Core WA6202A - высококачественный беспроводной маршрутизатор с широким функционалом. На нашем сайте вы можете бесплатно скачать руководство пользователя для этого устройства. Пользуйтесь нашими подробными инструкциями для оптимальной работы вашего маршрутизатора WA6202A. Скачать можно на manualshive.com.

Поделиться
Скачать
background image

6  

System Configuration

 

 

CLI Commands for SSH – To enable the SSH server, use the 

ip ssh-server enable

 

command from the CLI Ethernet interface configuration mode. To set the SSH 
server UDP port, use the 

ip ssh-server port 

command. To view the current settings, 

use the 

show system 

command from the CLI Exec mode (not shown in the 

following example). 

 

Enterprise AP(if-ethernet)#no ip telnet-server 

7-17

 

Enterprise AP(if-ethernet)#ip ssh-server enable 

7-16

 

Enterprise AP(if-ethernet)#ip ssh-server port 1124 

7-16

 

Enterprise AP(if-ethernet)#exit 
Enterprise AP(config)# 

 

 
 

Authentication

 

Wireless clients can be authenticated for network access by checking their MAC 
address against the local database configured on the access point, or by using a 
database configured on a central RADIUS server. Alternatively, authentication can 
be implemented using the IEEE 802.1X network access control protocol. 

 

A client’s MAC address provides relatively weak user authentication, since MAC 
addresses can be easily captured and used by another station to break into the 
network. Using 802.1X provides more robust user authentication using user names 
and passwords or digital certificates. You can configure the access point to use both 
MAC address and 802.1X authentication, with client station MAC authentication 
occurring prior to IEEE 802.1X authentication. However, it is better to choose one or 
the other, as appropriate. 

 

Take note of the following points before configuring MAC address or 802.1X 
authentication: 

 

•   Use MAC address authentication for a small network with a limited number of 

users. MAC addresses can be manually configured on the access point itself 
without the need to set up a RADIUS server, but managing a large number of MAC 
addresses across many access points is very cumbersome. A RADIUS server can 
be used to centrally manage a larger database of user MAC addresses. 

•   Use  IEEE 802.1X  authentication  for  networks  with  a  larger  number  of  users  and 

where  security  is  the  most important issue.  When  using  802.1X  authentication, a 
RADIUS server is required in the wired network to centrally manage the credentials 
of the wireless clients. It also provides a mechanism for enhanced network security 

using dynamic encryption key rotation or W-Fi Protected Access (WPA). 

Note:   

If you configure RADIUS MAC authentication together with 802.1X, RADIUS MAC 
address authentication is performed prior to 802.1X authentication. If RADIUS MAC 
authentication succeeds, then 802.1X authentication is performed. If 
RADIUS MAC authentication fails, 802.1X authentication is not performed. 

 

•   The access point can also operate in a 802.1X supplicant mode. This enables the 

access point itself to be authenticated with a RADIUS server using a configured 
MD5 user name and password. This prevents rogue access points from gaining 
access to the network. 

 

 

6-12 

Содержание WA6202A

Страница 1: ...AeroExtend by SOHOWARE WA6202A WA6202AM 2 4 GHz 5 GHz Dual Band Outdoor Access Point Bridge User Guide www sohoware com ...

Страница 2: ......

Страница 3: ...s Point Bridge WA6202A IEEE 802 11g and 802 11a Dual band Access Point Bridge with Integrated 5 GHz High Gain Antenna and External Antenna Options WA6202AM IEEE 802 11g and 802 11a Dual band Access Point Bridge with External Antenna Options ...

Страница 4: ...WA6202A WA6202AM F4 3 3 6 E112006 DT R01 149100034900E ...

Страница 5: ... for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interfere...

Страница 6: ... operated in all countries of the European Community Requirements for indoor vs outdoor operation license requirements and allowed channels of operation apply in some countries as described below Note The user must use the configuration utility provided with this product to ensure the channels of operation are in conformance with the spectrum usage rules for European Community countries as describ...

Страница 7: ...oors or outdoors in all countries of the European Community using the 2 4 GHz band Channels 1 13 except where noted below In Italy the end user must apply for a license from the national spectrum authority to operate this device outdoors In Belgium outdoor operation is only permitted using the 2 46 2 4835 GHz band Channel 13 In France outdoor operation is only permitted using the 2 4 2 454 GHz ban...

Страница 8: ...r the connector to the unit and not the wall plug must have a configuration for mating with an EN 60320 IEC 320 appliance inlet The socket outlet must be near to the unit and easily accessible You can only remove power from the unit by disconnecting the power cord from the outlet This unit operates under SELV Safety Extra Low Voltage conditions according to IEC 60950 The conditions are only mainta...

Страница 9: ...E7 7 SCHUKO The mains cord must be HAR or BASEC marked and be of type HO3VVF3GO 75 minimum Europe IEC 320 receptacle Veuillez lire à fond l information de la sécurité suivante avant d installer l appareil AVERTISSEMENT L installation et la dépose de ce groupe doivent être confiés à un personnel qualifié Ne branchez pas votre appareil sur une prise secteur alimentation électrique lorsqu il n y a pa...

Страница 10: ... le pays d utilisation Le cordon doit avoir reçu l homologation des UL et un certificat de la CSA Les spécifications minimales pour un cable flexible sont AWG No 18 ouAWG No 16 pour un cable de longueur inférieure à 2 mètres type SV ou SJ 3 conducteurs Le cordon doit être en mesure d acheminer un courant nominal d au moins 10 A Etats Unis et Canada La prise femelle de branchement doit être du type...

Страница 11: ...n erfüllt Der Gerätestecker der Anschluß an das Gerät nicht der Wandsteckdosenstecker muß einen gemäß EN 60320 IEC 320 konfigurierten Geräteeingang haben Die Netzsteckdose muß in der Nähe des Geräts und leicht zugänglich sein Die Stromversorgung des Geräts kann nur durch Herausziehen des Gerätenetzkabels aus der Netzsteckdose unterbrochen werden Der Betrieb dieses Geräts erfolgt unter den SELV Bed...

Страница 12: ...enigstens 10 A U S A und Canada Dieser Stromstecker muß hat einer erdschluss mit der typ NEMA 5 15P 15A 125V oder NEMA 6 15P 15A 250V konfiguration Danemark Dieser Stromstecker muß die ebene 107 2 D1 der standard DK2 1a oder DK2 5a Bestimmungen einhalten Schweiz Dieser Stromstecker muß die SEV ASE 1011Bestimmungen einhalten Europe Das Netzkabel muß vom Typ HO3VVF3GO 75 Mindestanforderung sein und ...

Страница 13: ...d Benefits 1 8 Chapter 2 Network Configuration 2 1 Access Point Topologies 2 1 Infrastructure Wireless LAN 2 2 Infrastructure Wireless LAN for Roaming Wireless PCs 2 3 Bridge Link Topologies 2 4 Point to Point Configuration 2 4 Point to Multipoint Configuration 2 5 Chapter 3 Bridge Link Planning 3 1 Data Rates 3 1 Radio Path Planning 3 1 Antenna Height 3 2 Antenna Position and Orientation 3 4 Radi...

Страница 14: ...dentification 6 3 TCP IP Settings 6 5 RADIUS 6 7 SSH Settings 6 11 Authentication 6 12 Filter Control 6 17 VLAN 6 19 WDS Settings 6 21 AP Management 6 27 Administration 6 28 System Log 6 33 RSSI 6 37 SNMP 6 40 Configuring SNMP and Trap Message Parameters 6 41 Configuring SNMPv3 Users 6 46 Configuring SNMPv3 Trap Filters 6 48 Configuring SNMPv3 Targets 6 50 Radio Interface 6 52 Radio Settings A 802...

Страница 15: ...ing Command Modes 7 4 Exec Commands 7 5 Configuration Commands 7 5 Command Line Processing 7 6 Command Groups 7 6 General Commands 7 7 configure 7 8 end 7 8 exit 7 8 ping 7 9 reset 7 10 show history 7 10 show line 7 11 System Management Commands 7 11 country 7 12 prompt 7 14 system name 7 14 username 7 15 password 7 15 ip ssh server enable 7 16 ip ssh server port 7 16 ip telnet server enable 7 17 ...

Страница 16: ... 7 37 DHCP Relay Commands 7 38 dhcp relay enable 7 38 dhcp relay 7 39 show dhcp relay 7 39 SNMP Commands 7 40 snmp server community 7 41 snmp server contact 7 41 snmp server location 7 42 snmp server enable server 7 42 snmp server host 7 43 snmp server trap 7 44 snmp server engine id 7 45 snmp server user 7 46 snmp server targets 7 48 snmp server filter 7 49 snmp server filter assignments 7 50 sho...

Страница 17: ...ss Authentication 7 69 address filter default 7 69 address filter entry 7 70 address filter delete 7 70 mac authentication server 7 71 mac authentication session timeout 7 71 Filtering Commands 7 72 filter local bridge 7 73 filter ap manage 7 73 filter uplink enable 7 74 filter uplink 7 74 filter ethernet type enable 7 74 filter ethernet type protocol 7 75 show filters 7 76 WDS Bridge Commands 7 7...

Страница 18: ...ommands 7 93 interface wireless 7 95 vap 7 95 speed 7 96 turbo 7 96 multicast data rate 7 97 channel 7 98 transmit power 7 98 radio mode 7 99 preamble 7 100 antenna control 7 101 antenna id 7 101 antenna location 7 102 beacon interval 7 103 dtim period 7 103 fragmentation length 7 104 rts threshold 7 105 super a 7 106 super g 7 106 description 7 107 ssid 7 107 closed system 7 108 max association 7...

Страница 19: ...k integrity ping host 7 129 link integrity ping interval 7 130 link integrity ping fail retry 7 130 link integrity ethernet detect 7 130 show link integrity 7 131 IAPP Commands 7 132 iapp 7 132 VLAN Commands 7 133 vlan 7 133 management vlanid 7 134 vlan id 7 134 WMM Commands 7 135 wmm 7 136 wmm acknowledge policy 7 136 wmmparam 7 137 Appendix A Troubleshooting A 1 Appendix B Cables and Pinouts B 1...

Страница 20: ...C 9 8 dBi Omnidirectional 5 GHz C 10 12 5 13 5 dBi 60 Degree Sector 5 GHz C 11 8 dBi Omnidirectional 5 GHz C 12 23 dBi High Gain Panel 5 GHz C 13 8 dBi Omnidirectional 5 GHz C 14 8 dBi Omnidirectional 5 GHz C 15 Appendix D Montieren der Bridge D 1 Verwenden der Halterung für Mastmontage D 1 Verwenden der Halterung für Wandmontage D 3 Anschließen der externen Antennen D 5 Anschließen der Kabel an d...

Страница 21: ...s The wireless bridge system offers a fast reliable and cost effective solution for connectivity between remote Ethernet wired LANs or to provide Internet access to an isolated site The system is also easy to install and operate ideal for situations where a wired link may be difficult or expensive to deploy The wireless bridge connection provides data rates of up to 108 Mbps In addition both wirel...

Страница 22: ...r Guide CD Inform your dealer if there are any incorrect missing or damaged parts If possible retain the carton including the original packing materials Use them again to repack the product in case there is a need to return it Hardware Description Bottom View both models Console Port CoverAttachment Top View WA6202A Console Port Ethernet PoE Connector Water Tight Test Point DO NOT REMOVE Integrate...

Страница 23: ...in the following figure 802 11b g Wireless Link Activity 11b g 11a Power Link Power Ethernet Link Activity 802 11a Wireless Link Activity The following table describes the system status LEDs LED Status Description On Green Indicates that the system is working normally Power On Amber Indicates a system reset On Green Indicates a valid 10 100 Mbps Ethernet cable link Link Flashing Green Indicates th...

Страница 24: ... 802 11b g radio is disabled Slow Flashing Green The 802 11b g radio is enabled with a low level of network activity Fast Flashing Green Indicates a medium level of network activity 11b g three LEDs On Green Indicates a high level of network activity The following table describes the wireless status LEDs in RSSI mode LED Status Description Off No signal detected or the 802 11a radio is disabled Sl...

Страница 25: ...na options Model Number Antenna Type Gain dBi HPBW Horizontal HPBW Vertical Polarization ACC04 050090 2 4 GHz 2 5 GHz High Gain Directional Panel 18 15 15 Linear vertical ACC04 05028A with mounting bracket and ACC04 05427A 2 4 GHz 2 5 GHz Omnidirectional 8 360 15 Linear vertical ACC04 053830A 2 4 GHz 2 5 GHz Sector 10 120 15 Linear vertical ACC04 090380 5 47 GHz 5 875 GHz Omnidirectional 8 360 12 ...

Страница 26: ...ector module is included in the wireless bridge package and provides two RJ 45 Ethernet ports one for connecting to the wireless bridge Output and the other for connecting to a local LAN switch Input The Input port uses an MDI i e internal straight through pin configuration You can therefore use straight through twisted pair cable to connect this port to most network interconnection devices such a...

Страница 27: ...ding Point Even though the wireless bridge includes its own built in lightning protection it is important that the unit is properly connected to ground A grounding screw is provided for attaching a ground wire to the unit Water Tight Test Point Caution Do no remove or loosen this screw Doing so could lead to damage of the unit Wall and Pole Mounting Bracket Kit The wireless bridge includes a brack...

Страница 28: ...links using various external antenna options Both WA6202A and WA6202AM units also support access point services for the 5 GHz and 2 4 GHz radios using various external antenna options Maximum data rate up to 108 Mbps Outdoor weatherproof design IEEE 802 11a and 802 11b g compliant Local network connection via 10 100 Mbps Ethernet port Powered through its Ethernet cable connection to the power inje...

Страница 29: ...gies Operating as an outdoor access point the unit is deployed in an integrated configuration with wired Ethernet LANs providing network access to wireless stations in the wireless coverage area The access point s radios can support these modes Infrastructure wireless LAN Infrastructure wireless LAN with roaming Point to point bridge link Point to multipoint bridge links The 802 11b and 802 11g fr...

Страница 30: ...omputer in its wireless group or access other computers or network resources in the wired LAN infrastructure through the access point The infrastructure configuration not only extends the accessibility of wireless PCs to the wired LAN but also increases the effective wireless transmission range for wireless PCs by passing their signals through one or more access points A wireless infrastructure ca...

Страница 31: ...access points The SSID can be manually configured by the clients can be detected in an access point s beacon or can be obtained by querying for the identity of the nearest access point For clients that do not need to roam set the SSID for the wireless card to that used by the access point to which you want to connect A wireless infrastructure can also support roaming for mobile workers More than o...

Страница 32: ...eployment options Note The external antennas offer longer range options using the 5 GHz radio which makes this interface more suitable for bridge links The 2 4GHz radio has various types of antenna options but the 8dBi omnidirectional antenna is better suited for local access point services When using WDS on a radio band only wireless bridge units can associate to each other Wireless clients can o...

Страница 33: ...e wireless bridge network all other bridges must be Slave units Using the 5 GHz 8 dBi omnidirectional external antenna the WA6202AM can connect to WA6202A units up to 3 3 km 2 miles away Using the 13 5 dBi 120 degree sector antenna the WA6202AM can connect to WA6202A units up to 10 3 km 6 4 miles away WA6202A WA6202A WA6202A WA6202A WA6202AM with Omnidirectional Antenna WA6202A WA6202A WA6202A WA6...

Страница 34: ...2 Network Configuration 2 6 ...

Страница 35: ...rior to equipment installation Data Rates Using its 5 GHz integrated antenna the WA6202A Slave bridge can operate over a range of up to 15 4 km 9 6 miles or provide a high speed connection of 54 Mbps 108 Mbps in turbo mode However the maximum data rate for a link decreases as the operating range increases When you are planning each wireless bridge link take into account the maximum distance and da...

Страница 36: ...gs and that no building construction may eventually block the path Check the topology of the land between the antennas using topographical maps aerial photos or even satellite image data software packages are available that may include this information for your area Avoid a path that may incur temporary blockage due to the movement of cars trains or aircraft Antenna Height A reliable wireless link...

Страница 37: ...7 m 45 ft 13 7 m 80 ft 24 4 m 17 miles 27 4 km 37 ft 11 3 m 58 ft 17 7 m 95 ft 29 m Note that to avoid any obstruction along the path the height of the object must be added to the minimum clearance required for a clear radio line of sight Consider the following simple example illustrated in the figure below Visual Line of Sight Radio Line of Sight 3 miles 4 8 km 2 4 m A 20 m 17 m 5 4 m 1 4 m 9 m 1...

Страница 38: ...wireless bridge must be considered Be sure there are no other radio antennas within 2 m 6 ft of the wireless bridge Place the wireless bridge away from power and telephone lines Avoid placing the wireless bridge too close to any metallic refective surfaces such as roof installed air conditioning equipment tinted windows wire fences or water pipes The wireless bridge antennas at both ends of the li...

Страница 39: ...nd velocity and direction at the site and be sure that any supporting structure such as a pole mast or tower is built to withstand this force Lightning The wireless bridge includes its own built in lightning protection However you should make sure that the unit any supporting structure and cables are all properly grounded Additional protection using lightning rods lightning arrestors or surge supp...

Страница 40: ... the cable consider using a lightning arrestor immediately before the cable enters the building Grounding It is important that the wireless bridge cables and any supporting structures are properly grounded The wireless bridge unit includes a grounding screw for attaching a ground wire Be sure that grounding is available and that it meets local and national electrical codes 3 6 ...

Страница 41: ...sing external antennas Hardware installation of the wireless bridge involves these steps 1 Mount the unit on a wall pole mast or tower using the mounting bracket 2 Mount external antennas directly on the bridge or on the same supporting structure as the bridge and connect them to the bridge unit 3 Connect the Ethernet cable and a grounding wire to the unit 4 Connect the power injector to the Ether...

Страница 42: ...g bracket 1 Fit the edges of the V shaped clamp parts into the slots on the flat side of the rectangular plate The inner slots are for a 1 5 inch diameter pole and the outer slots for a 2 inch diameter pole 2 Place the V shaped clamp parts of the bracket around the pole and tighten the securing nuts just enough to hold the bracket to the pole The bracket may need to be rotated around the pole duri...

Страница 43: ...h the bridge with its mounting plate to the bracket already fixed to the pole Attach the bridge to the plate on the pole 5 Use the included nuts to secure the wireless bridge to the pole bracket Note that the wireless bridge tilt angle may need to be adjusted during the antenna alignment process 4 3 ...

Страница 44: ... be aligned It is intended for use with the unit using external antennas 1 Attach the bracket to a wall with flat side flush against the wall see following figure Position the bracket in the intended location and mark the position of the four mounting screw holes 2 Drill four holes in the wall that match the screws and wall plugs included in the bracket kit then secure the bracket to the wall 3 At...

Страница 45: ...enna to the same supporting structure as the bridge within 3 m 10 ft distance using the bracket supplied in the antenna package 2 Connect the antenna to the bridge s N type connector using the RF coaxial cable provided in the antenna package Some omnidirectional external antennas attach directly to an N type connector without using a coaxial cable 3 Apply weatherproofing tape to the antenna connec...

Страница 46: ...ss bridge 2 For extra protection against rain or moisture apply weatherproofing tape not included around the Ethernet connector 3 Be sure to ground the unit with an appropriate grounding wire not included by attaching it to the grounding point on the base of the unit using the screw provided in the package Caution Be sure that grounding is available and that it meets local and national electrical ...

Страница 47: ...rt Power over Ethernet PoE based on the IEEE 802 3af standard Do not try to power the unit by connecting it directly to a network switch that provides IEEE 802 3af PoE Always connect the unit to the included power injector module 1 Connect the Ethernet cable from the wireless bridge to the RJ 45 port labeled Output on the power injector 2 Connect a straight through unshielded twisted pair UTP cabl...

Страница 48: ...gnment process is particularly important for long range point to point links In a point to multipoint configuration the root bridge uses an omnidirectional or sector antenna which does not require alignment but bridge nodes still need to be correctly aligned with the root bridge antennna Point to Point Configurations In a point to point configuration the alignment process requires two people one a...

Страница 49: ...t it is receiving the strongest signal from the central main lobe Vertical Scan Remote Antenna Horizontal Scan Maximum Signal Strength Position for Vertical Alignment RSSI Main Lobe Maximum RSSI Value Value Side Lobe Maximum Maximum Signal Strength Position for Horizontal Alignment To align the antennas in the link monitor the signal strength LEDs or the RSSI value in the management interface Star...

Страница 50: ...gest all LEDs on and secure the horizontal adjustment in that position Note Sometimes there may not be a central lobe peak because vertical alignment is too far off only two similar peaks for the side lobes are detected In this case fix the antenna so that it is halfway between the two peaks 3 Loosen the vertical adjustment on the mounting bracket and tilt the antenna slowly up and down while chec...

Страница 51: ...2 serial port that enables a connection to a PC or terminal for monitoring and configuration Attach a VT100 compatible terminal or a PC running a terminal emulation program to the access point You can use the console cable provided with this package or use a cable that complies with the wiring assignments shown on page B 3 To connect to the console port complete the following steps 1 Connect the c...

Страница 52: ... IP address that is compatible with your network Type configure to enter configuration mode then type interface ethernet to access the Ethernet interface configuration mode Enterprise AP configure Enterprise AP config interface ethernet Enterprise AP config if First type no ip dhcp to disable DHCP client mode Then type ip address ip address netmask gateway where ip address is the access point s IP...

Страница 53: ...s Select the code for your country and enter the country command again following by your country code e g tw for Taiwan Enterprise AP country tw Enterprise AP Note Command examples shown later in this manual abbreviate the console prompt to AP for simplicity Logging In There are only a few basic steps you need to complete to connect the access point to your corporate network and provide network ac...

Страница 54: ...5 Initial Configuration The home page displays the Main Menu 5 4 ...

Страница 55: ...configured IP address of the access point or use the default address http 192 168 1 1 To log into the access point enter the default user name admin and then press LOGIN When the home page displays click on Advanced Setup The following page will display The information in this chapter is organized to reflect the structure of the web screens for easy reference However it is recommended that you con...

Страница 56: ...ce and sets spanning tree parameters 6 21 AP Management Configures access to management interfaces 6 27 Administration Configures user name and password for management access upgrades software from local file FTP or TFTP server resets configuration settings to factory defaults and resets the access point 6 28 System Log Controls logging of error messages sets the system clock via SNTP server or ma...

Страница 57: ... Status Displays configuration settings for the basic system and the wireless interface 6 90 Station Station Shows the wireless clients currently associated with the access point 6 93 Event Logs Shows log messages stored in memory 6 95 System Identification The system name for the access point can be left at its default setting However modifying this parameter can help you to more easily distingui...

Страница 58: ...m Up time 0 days 0 hours 32 minutes 22 seconds System Name R D System Location System Contact Contact System Country Code US UNITED STATES MAC Address 00 12 CF 12 34 60 Radio A MAC Address 00 12 CF 12 34 61 Radio G MAC Address 00 12 CF 12 34 65 IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP Client ENABLED...

Страница 59: ...ng use the CLI to manually configure the initial IP values see page 5 2 After you have network access to the access point you can use the web browser interface to modify the initial IP configuration if needed Note If there is no DHCP server on your network or DHCP fails the access point will automatically start up with a default IP address of 192 168 1 1 DHCP Client Enable Select this option to ob...

Страница 60: ...rwise leave the addresses as all zeros 0 0 0 0 CLI Commands for TCP IP Settings From the global configuration mode enter the interface configuration mode with the interface ethernet command Use the ip dhcp command to enable the DHCP client or no ip dhcp to disable it To manually configure an address specify the new IP address subnet mask and default gateway using the ip address command To specify ...

Страница 61: ...Fi Protected Access WPA wireless security A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible In addition the configured RADIUS server can also act as a RADIUS Accounting server and receive user session accounting information from the access point RADIUS Accounting can be used to provide valuable information on user activity in the netw...

Страница 62: ...6 System Configuration 6 8 ...

Страница 63: ...specified on the RADIUS server Do not use blank spaces in the string Maximum length 255 characters Timeout Number of seconds the access point waits for a reply from the RADIUS server before resending a request Range 1 60 seconds Default 5 Retransmit attempts The number of times the access point tries to resend a request to the RADIUS server before authentication fails Range 1 30 Default 3 Accounti...

Страница 64: ...192 168 1 25 7 59 Enterprise AP config radius server port 181 7 60 Enterprise AP config radius server key green 7 60 Enterprise AP config radius server timeout 10 7 61 Enterprise AP config radius server retransmit 5 7 61 Enterprise AP config radius server port accounting 1813 7 62 Enterprise AP config radius server timeout interim 500 7 62 Enterprise AP config exit Enterprise AP show radius 7 64 R...

Страница 65: ...red Clients can then securely use the local user name and password for access authentication Note that SSH client software needs to be installed on the management station to access the access point for management via the SSH protocol Notes 1 The access point supports only SSH version 2 0 2 After boot up the SSH server needs about two minutes to generate host encryption keys The SSH server is disab...

Страница 66: ... 802 1X authentication However it is better to choose one or the other as appropriate Take note of the following points before configuring MAC address or 802 1X authentication Use MAC address authentication for a small network with a limited number of users MAC addresses can be manually configured on the access point itself without the need to set up a RADIUS server but managing a large number of ...

Страница 67: ...ion is compared against the local database stored on the access point Use the Local MAC Authentication section of this web page to set up the local database and configure all access points in the wireless network service area with the same MAC address database Radius MAC The MAC address of the associating station is sent to a configured RADIUS server for authentication When using a RADIUS authenti...

Страница 68: ... unknown MAC addresses that is those not listed in the local MAC database Deny Blocks access for all MAC addresses except those listed in the local database as Allow Allow Permits access for all MAC addresses except those listed in the local database as Deny MAC Authentication Settings Enters specified MAC addresses and permissions into the local MAC database MAC Address Physical address of a clie...

Страница 69: ... AP config mac authentication server local 7 71 Enterprise AP config mac authentication session timeout 5 7 717 20 Enterprise AP config address filter default denied 7 69 Enterprise AP config address filter entry 00 70 50 cc 99 1a denied 7 70 Enterprise AP config address filter entry 00 70 50 cc 99 1b allowed Enterprise AP config address filter entry 00 70 50 cc 99 1c allowed Enterprise AP config ...

Страница 70: ...n Information MAC Authentication Server REMOTE MAC Auth Session Timeout Value 300 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering DENIED System Default DENY addresses not found in filter table Filter Table MAC Address Status 00 70 50 cc 99 1a DENIED 00 70 50 cc 99 1b ALLOWED Enterprise AP CLI Command for 802 1x Supplicant To configure ...

Страница 71: ...ts can communicate with each other through the access point Prevent Intra VAP client communication When enabled clients associated with a specific VAP interface cannot establish wireless communications with each other Clients can communicate with clients associated to other VAP interfaces Prevent Inter and Intra VAP client communication When enabled clients cannot establish wireless communications...

Страница 72: ...filtering on the port Default Disabled CLI Commands for Bridge Filtering Use the filter local bridge command from the global configuration mode to prevent wireless to wireless communications through the access point Use the filter ap manage command to restrict management access from wireless clients To configure Ethernet protocol filtering use the filter ethernet type enable command to enable filt...

Страница 73: ...n assigned client VLAN ID default VLAN ID or the management VLAN ID Traffic received from the wired network must also be tagged with one of these known VLAN IDs Received traffic that has an unknown VLAN ID or no VLAN tag is dropped When VLAN support is disabled the access point does not tag traffic passed to the wired network and ignores the VLAN tags on any received frames Note Before enabling VL...

Страница 74: ...adecimal or string VLAN IDs on the RADIUS server can be entered as hexadecimal digits or a string see radius server vlan format on page 7 63 Note The specific configuration of RADIUS server software is beyond the scope of this guide Refer to the documentation provided with the RADIUS server software VLAN Classification Enables or disables VLAN tagging support on the access point Native VLAN ID The...

Страница 75: ...that is an STP compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down WDS Bridge Up to six WDS bridge or repeater links MAC addresses per radio interface can be specified for each unit in the wireless bridge network One unit only must be confi...

Страница 76: ...ave mode A single master enables up to five slave links whereas a slave will have only one link to the master Bridge Parent The physical layer address of the root bridge unit or the bridge unit connected to the root bridge 12 hexadecimal digits in the form xx xx xx xx xx xx Channel Auto Sync Allows a Bridge Child to automatically find the operating channel used by its Bridge Parent Caution Do not ...

Страница 77: ...erves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device Then it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to 6 23 ...

Страница 78: ... values indicate higher priority Range 0 65535 Default 32768 Bridge Max Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes the desig...

Страница 79: ...mand from the CLI wireless interface configuration mode If the role of the radio interface is set to Bridge or Repeater the MAC address of the parent node must also be configured using the bridge link parent command If the role is set to anything other than Access Point then you should also configure the MAC addresses of the child nodes using the bridge link child command To view the current bridg...

Страница 80: ...and Enterprise AP config bridge stp enable 6 104 Enterprise AP config bridge stp forwarding delay 2500 6 105 Enterprise AP config bridge stp hello time 500 6 106 Enterprise AP config bridge stp max age 4000 6 107 Enterprise AP config bridge stp priority 40000 6 108 Enterprise AP config interface wireless a Enterprise AP if wireless a bridge link path cost 2 40 6 109 Enterprise AP if wireless a bri...

Страница 81: ... to the specified addresses If anyone tries to access a management interface from an unauthorized address the access point will reject the connection UI Management Enables or disables management access through Telnet the Web HTTP or SNMP interfaces Default Enabled Note Secure Web HTTPS connections are not affected by the UI Management or IP Management settings IP Management Restricts management ac...

Страница 82: ... protect access to the management interface you need to configure an Administrator s user name and password as soon as possible If the user name and password are not configured then anyone having access to the access point may be able to compromise access point and network security Once a new Administrator has been configured you can delete the default admin user name from the system Username The ...

Страница 83: ... ip http session timeout 0 7 18 Enterprise AP config Upgrading Firmware You can upgrade new access point software from a local file on the management workstation or from an FTP or TFTP server New software may be provided periodically from your distributor After upgrading new software you must reboot the access point to implement the new code Until a reboot occurs the access point will continue to ...

Страница 84: ...ware is stored If upgrading from an FTP server be sure that you have an account configured on the server with a user name and password If VLANs are configured on the access point determine the VLAN ID with which the FTP or TFTP server is associated and then configure the management station or the network port to which it is attached with the same VLAN ID If you are managing the access point from a...

Страница 85: ...guration file to a specified remote FTP or TFTP server A configuration file can also be downloaded to the access point to restore a specific configuration Export Import Select Export to upload a file to an FTP TFTP server Select Import to download a file from an FTP TFTP server Config file Specifies the name of the configuration file which must always be syscfg A path on the server can be specifie...

Страница 86: ...mmand can be used to check that the new file is present in the access point file system To run the new software use the reset board command to reboot the access point Enterprise AP copy tftp file 7 56 1 Application image 2 Config file 3 Boot block image Select the type of download 1 2 3 1 1 TFTP Source file name img bin TFTP Server IP 192 168 1 19 Enterprise AP dir 7 58 File Name Type File Size df...

Страница 87: ... memory or sent to a Syslog server The logged messages serve as a valuable tool for isolating access point and network problems System Log Setup Enables the logging of error messages Default Disable Server 1 4 Enables the sending of log messages to a Syslog server host Up to four Syslog servers are supported on the access point Default Disable Server Name IP The IP address or name of a Syslog serv...

Страница 88: ...conditions e g return false unexpected return Notice Normal but significant condition such as cold start Informational Informational messages only Debug Debugging messages Note The access point error log can be viewed using the Event Logs window in the Status section page 6 95 The Event Logs window displays the last 128 messages logged in chronological order from the newest to the oldest Log messa...

Страница 89: ...2 0 0 0 0 UDP Port 514 State Disabled 3 0 0 0 0 UDP Port 514 State Disabled 4 0 0 0 0 UDP Port 514 State Disabled Enterprise AP Configuring SNTP Simple Network Time Protocol SNTP allows the access point to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for e...

Страница 90: ...om the global configuration mode specify SNTP server IP addresses using the sntp server ip command then use the sntp server enable command to enable the service Use the sntp server timezone command to set the time zone for your location and the sntp server daylight saving command to set daylight savings To view the current SNTP settings use the show sntp command Enterprise AP config sntp server ip...

Страница 91: ...nfig RSSI The RSSI value displayed on the RSSI page represents a signal to noise ratio A value of 30 would indicate that the power of the received signal is 30 dBm above the ambient noise floor This value can be used to align antennas see page 4 6 and monitor the quality of the received signal for bridge links An RSSI value of about 30 or more indicates a strong enough signal to support the maximu...

Страница 92: ...6 System Configuration The RSSI controls allow the external connector to be disabled and the receive signal for each WDS port displayed 6 38 ...

Страница 93: ...for a Master unit only port 1 for a Slave unit Default 1 Distance Mode Indicates if the 802 11a radio is operating in normal or Turbo mode See Radio Settings A on page 6 53 Distance The approximate distance between antennas in a bridge link LED Status Mode Selects AP mode or Bridge mode Bridge Port Allows the user to select the bridge port on which to monitor traffic Default 1 Range 1 6 There are ...

Страница 94: ...th the format of the MIB specifications and the protocol used to access this information over the network The access point includes an onboard agent that supports SNMP versions 1 2c and 3 clients This agent continuously monitors the status of the access point as well as the traffic passing to and from wireless clients A network management station can access this information using SNMP management s...

Страница 95: ...NMP Enables or disables SNMP management access and also enables the access point to send SNMP traps notifications Default Disable Location A text string that describes the system location Maximum length 255 characters Contact A text string that describes the system contact Maximum length 255 characters Community Name Read Only Defines the SNMP community access string that has read only access Auth...

Страница 96: ... with the notification operation Maximum length 23 characters case sensitive Default public Engine ID Sets the engine identifier for the SNMPv3 agent that resides on the access point This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A default ...

Страница 97: ... A client station has failed MAC address authentication with the RADIUS server dot1xAuthNotInitiated A client station did not initiate 802 1X authentication dot1xAuthSuccess A 802 1X client station has been successfully authenticated by the RADIUS server dot1xAuthFail A 802 1X client station has failed RADIUS authentication dot1xSuppAuthenticated A supplicant station has been successfully authenti...

Страница 98: ...tact commands to indicate the physical location of the access point and define a system contact To set the read only and read write community names use the snmp server community command Use the snmp server host command to define a trap receiver host and the snmp server trap command to enable or disable specific traps Enterprise AP config snmp server enable server 7 42 Enterprise AP config snmp ser...

Страница 99: ...State Disabled 3 0 0 0 0 Community State Disabled 4 0 0 0 0 Community State Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuc...

Страница 100: ...rresponding Passphrase field Priv Type The data encryption type used for the SNMP user either DES or none When DES is selected enter a key in the corresponding Passphrase field Passphrase The password or key associated with the authentication and privacy settings A minimum of eight plain text characters is required Action Click the Add button to add a new user to the list Click the edit button to ...

Страница 101: ...group settings use the show snmp users or show snmp group assignments commands Enterprise AP config snmp server engine id 1a 2b 3c 4d 00 ff 7 45 Enterprise AP config snmp server user 7 46 User Name 1 32 chris Group Name 1 32 RWPriv Authtype md5 cr none md5 Passphrase 8 32 a good secret Privacy des cr none des Passphrase 8 32 a very good secret Enterprise AP config exit Enterprise AP show snmp user...

Страница 102: ...defined by up to 20 MIB subtree ID entries To configure a new notification filter click the New button A new page opens to configure the filter see below To edit an existing filter select the radio button next to the entry in the table and then click the Edit button To delete a filter select the radio button next to the entry in the table and then click the Delete button When you click on the New ...

Страница 103: ... Subtree OID Specifies MIB subtree to be filtered The MIB subtree must be defined in the form 1 3 6 1 and always start with a Filter Type Indicates if the filter is to include or exclude the MIB subtree objects from the filter Note that MIB objects included in the filter are not sent to the receiving target and objects excluded are sent By default all traps are sent so you can first use an include...

Страница 104: ... trapfilter Type include Subtree iso Mask None Type exclude Subtree iso 3 6 1 2 1 2 2 1 1 23 Mask None Enterprise AP Configuring SNMPv3 Targets An SNMP v3 notification Target ID is specified by the SNMP v3 user IP address and UDP port A user defined filter can also be assigned to specific targets to limit the notifications received to specific MIB objects Note that the filter must first be configu...

Страница 105: ...gth 32 characters IP Address Specifies the IP address of the receiving management station UDP Port The UDP port that is used on the receiving management station for notification messages SNMP User The defined SNMP v3 user that is to receive notification messages Assigned Filter The name of a user defined notification filter that is applied to the target CLI Commands for Configuring SNMPv3 Targets ...

Страница 106: ...ble with 802 11b These interfaces are configured independently under the following web pages Radio Interface A 802 11a Radio Interface G 802 11b g Each radio supports up to four virtual access point VAP interfaces numbered 0 to 3 Each VAP functions as a separate access point and can be configured with its own Service Set Identification SSID and security settings However most radio signal parameter...

Страница 107: ...n radio settings that apply to the overall system After you have configured the radio settings go to the Security page under the 802 a Interface See Security on page 6 73 enable the radio service for any of the VAP interfaces and then set an SSID to identify the wireless network service provided by each VAP Remember that only clients with the same SSID can associate with a VAP Note You must first ...

Страница 108: ...6 System Configuration Configuring VAP Radio Settings To configure VAP radio settings select the Radio Settings page 6 54 ...

Страница 109: ...s disassociated from the VAP interface Range 5 60 minutes Default 30 minutes WPA2 PMKSA Life Time WPA2 provides fast roaming for authenticated clients by retaining keys and other security settings in a cache for each VAP In this way when clients roam back into a VAP they had previously been using re authentication is not required When a WPA2 client is first authenticated it receives a Pairwise Mas...

Страница 110: ... wireless a vap 0 7 95 Enterprise AP if wireless a VAP 0 description RD AP 3 7 107 Enterprise AP if wireless a VAP 0 vlan id 1 7 134 Enterprise AP if wireless a VAP 0 closed system 7 108 Enterprise AP if wireless a VAP 0 authentication timeout interval 30 7 109 Enterprise AP if wireless a VAP 0 association timeout interval 20 7 109 Enterprise AP if wireless a VAP 0 max association 32 7 108 Enterpr...

Страница 111: ...d the access point checks the MAC address Basic Service Set Identifier BSSID of each access point that it finds against a RADIUS server to determine whether the access point is allowed With RADIUS authentication disabled the access point can detect its neighboring access points only it cannot identify whether the access points are allowed or are rogues If you enable RADIUS authentication you must ...

Страница 112: ...e AP if wireless g rogue ap interval 120 7 116 Enterprise AP if wireless g rogue ap scan 7 117 Enterprise AP if wireless g rogueApDetect Completed Radio G 5 APs detected rogueAPDetect Radio G refreshing ap database now Enterprise AP if wireless g exit Enterprise AP show rogue ap 7 118 802 11a Channel Rogue AP Status AP Address BSSID SSID Channel MHz RSSI 802 11g Channel Rogue AP Status AP Address ...

Страница 113: ... to 108 Mbps Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps Default Disabled Note In normal mode the access point provides a channel bandwidth of 20 MHz and supports the maximum number of channels permitted by local regulations e g 13 channels for the United States In Turbo Mode the channel bandwidth is increased to 40 MHz to support the increased data rate Howev...

Страница 114: ...aximum supported clients You also have to ensure that high power signals do not interfere with the operation of other radio devices in the service area Options 100 50 25 12 minimum Default 100 Note When operating the access point using 5 GHz channels in a European Community country the end user and installer are obligated to operate the device in accordance with European regulatory requirements fo...

Страница 115: ...versity system Right The radio uses a single antenna on the right side Select this method when using an optional external antenna that is connected to the right antenna connector Left The radio uses a single antenna on the left side Select this method when using an optional external antenna that is connected to the left antenna connector Also select this method when using the integrated 5 GHz ante...

Страница 116: ... the access point The beacon signals allow wireless clients to maintain contact with the access point They may also carry power management information Range 20 1000 TUs Default 100 TUs Data Beacon Rate The rate at which stations in sleep mode must wake up to receive broadcast multicast transmissions Known also as the Delivery Traffic Indication Map DTIM interval it indicates how often the MAC laye...

Страница 117: ...cations The access point sends RTS frames to a receiving station to negotiate the sending of a data frame After receiving an RTS frame the station sends a CTS clear to send frame to notify the sending station that it can start sending data If the RTS threshold is set to 0 the access point always sends RTS signals If set to 2347 the access point never sends RTS signals If set to any other value and...

Страница 118: ...prise AP if wireless a fragmentation length 512 7 104 Enterprise AP if wireless a rts threshold 256 7 105 Enterprise AP if wireless a Configuring Wi Fi Multimedia Wireless networks offer an equal opportunity for all devices to transmit data from any type of application Although this is acceptable for most applications multimedia applications with audio and video are particularly sensitive to the d...

Страница 119: ...rwards traffic WMM adds data packets to four independent transmit queues one for each AC depending on the 802 1D priority tag of the packet Data packets without a priority tag are always added to the Best Effort AC queue From the four queues an internal virtual collision resolution mechanism first selects data with the highest priority to be granted a transmit opportunity Then the same collision r...

Страница 120: ...f Minimum Wait Time Random Wait Time Figure 6 1 WMM Backoff Wait Times For high priority traffic the AIFSN and CW values are smaller The smaller values equate to less backoff and wait time and therefore more transmit opportunities To configure WMM select the Radio Settings page and scroll down to the WMM configuration settings 6 66 ...

Страница 121: ...it of the random backoff wait time before wireless medium access can be attempted The initial wait time is a random value between zero and the CWMin value Specify the CWMin value in the range 0 15 microseconds Note that the CWMin value must be equal or less than the CWMax value logCWMax Maximum Contention Window The maximum upper limit of the random backoff wait time before wireless medium access ...

Страница 122: ... access point The wmm acknowledge policy command is used to enable or disable a policy for each access category The wmmparms command defines detailed WMM parameters Enterprise AP if wireless a wmm required 7 136 Enterprise AP if wireless a wmm acknowledge policy 0 noack 7 136 Enterprise AP if wireless a wmmparams ap 0 4 6 3 1 1 7 137 6 68 ...

Страница 123: ...ode DISABLED Channel 36 AUTO Status DISABLED MAC Address 00 12 cf 05 95 0c 802 11 Parameters Transmit Power FULL 16 dBm Max Station Data Rate 54Mbps Multicast Data Rate 6Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Maximum Association 64 stations MIC Mode ...

Страница 124: ...XOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 1 Admission Control No TXOP Limit 1 504 ms Enterprise AP Radio Settings G 802 11g The IEEE 802 11g standard operates within the 2 4 GHz band at up to 54 Mbps Also note that because the IEEE 802 11g standard is an extension of the IEEE 802 11b standard it allows clients with 802 11b wireless network cards to associate to an 802 11g access poi...

Страница 125: ...ecific to the 802 11g interface are included in this section To configure the 802 11g radio settings select the Radio Settings page Radio Mode Selects the operating mode for the 802 11g wireless interface Default 802 11b g 802 11b g Both 802 11b and 802 11g clients can communicate with the access point up to 54 Mbps 802 11b only Both 802 11b and 802 11g clients can communicate with the access poin...

Страница 126: ...e is affected by the data rate The lower the data rate the longer the transmission distance Default 54 Mbps Super G The Atheros proprietary Super G performance enhancements are supported by the access point These enhancements include bursting compression fast frames and dynamic turbo Maximum throughput ranges between 40 to 60 Mbps for connections to Atheros compatible clients Default Disabled Prea...

Страница 127: ...P if wireless g Security The access point is configured by default as an open system which broadcasts a beacon signal including the configured SSID Wireless clients with an SSID setting of any can read the SSID from the beacon and automatically set their SSID to allow immediate connection to the nearest access point To improve wireless network security you have to implement two main functions Auth...

Страница 128: ...ers support for legacy WEP clients but with increased security risk i e WEP authentication keys disabled Requires configured RADIUS server 802 1X EAP type may require management of digital certificates for clients and server WPA PSK Mode Requires WPA enabled system and network card driver native support provided in Windows XP Provides good security in small networks Requires manual management of p...

Страница 129: ...ings Authentication Shared Key or Open System Encryption Enable 802 1x Disable Local RADIUS or Disabled Yesc Dynamic WEP 802 1x only Interface Detail Settings Authentication Open System Encryption Enable 802 1x Required Set 802 1x key refresh and reauthentication rates Local RADIUS or Disabled Yesc 802 1x WPA only Interface Detail Settings Authentication WPA Encryption Enable WPA Configuration Req...

Страница 130: ... Encryption Enable WPA Configuration Required Cipher Suite AES CCMP 802 1x Required Set 802 1x key refresh and reauthentication rates Local or Disabled Yes WPA2 Pre Shared Key only Interface Detail Settings Authentication WPA2 PSK Encryption Enable WPA Configuraton Required Cipher Suite AES CCMP 802 1x Disable WPA Pre shared Key Type Hexadicmal or Alphanumeric Enter a WPA Pre shared key Local or D...

Страница 131: ...02 1X authentication is not performed Enabling the VAPs Before enabling the Virtual Access Point VAP radio interfaces first configure all of the relevant raido settings see Radio Settings A 802 11a on page 6 53 or Radio Settings G 802 11g on page 6 70 After you have configured the radio settings select Security under Radio A or Radio G set an SSID to identify the wireless network service provided ...

Страница 132: ...ed for a high level of network security For more robust wireless security the access point provides Wi Fi Protected Access WPA for improved data encryption and user authentication Setting up shared keys enables the basic IEEE 802 11 Wired Equivalent Privacy WEP on the access point to prevent unauthorized access to the network If you choose to use WEP shared keys instead of an open system be sure t...

Страница 133: ...with clients using static WEP keys and WPA select WEP transmit key index 2 3 or 4 The access point uses transmit key index 1 for the generation of dynamic keys To enable WEP shared keys for a VAP interface click Security under Radio A or Radio G Then select the VAP interface that will use WEP keys by clicking More and configure the Authentication Type Setup and Encryption fields Authentication Typ...

Страница 134: ... web or CLI in order to enable all types of encryption WEP TKIP or AES in the access point CLI Commands for WEP Shared Key Security To enable WEP shared key security for the 802 11g interface use the interface wireless g command from the CLI configuration mode to access the interface mode for the 802 11g radio First use the key command to define up to four WEP keys that can be used for all VAP int...

Страница 135: ... mixed mode Transmit Power FULL 5 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Preamble Length SHORT OR LONG Maximum Association 64 stations MIC Mode Software Super G Disabled VLAN ID 1 Security Close...

Страница 136: ...C3 Voice logCwMin 2 logCwMax 3 AIFSN 2 Admission Control No TXOP Limit 1 504 ms WMM AP Parameters AC0 Best Effort logCwMin 4 logCwMax 6 AIFSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 1 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 1 Admissi...

Страница 137: ... a client the access point and a RADIUS server that prevents users from accidentally joining a rogue network Only when a RADIUS server has authenticated a user s credentials will encryption keys be sent to the access point and client Note To implement WPA on wireless clients requires a WPA enabled network card driver and 802 1X client software that supports the EAP authentication type that you wan...

Страница 138: ...upport for TKIP encryption The main differences and enhancements in WPA2 can be summarized as follows Advanced Encryption Standard AES WPA2 uses AES Counter Mode encryption with Cipher Block Chaining Message Authentication Code CBC MAC for message integrity The AES Counter Mode CBCMAC Protocol AES CCMP provides extremely robust data confidentiality using a 128 bit key The AES CCMP encryption ciphe...

Страница 139: ...eless network it has to be fully authenticated When the client is about to roam to another access point in the network the access point sends pre authentication messages to the new access point that include the client s security association information Then when the client sends an association request to the new access point the client is known to be already authenticated so it proceeds directly t...

Страница 140: ...ication WPA2 PSK Clients using WPA2 with a Pre shared Key are accepted for authentication WPA WPA2 mixed Clients using WPA or WPA2 over 802 1X are accepted for authentication WPA WPA2 PSK mixed Clients using WPA or WPA2 with a Pre shared Key are accepted for authentication WPA Configuration Each VAP interface can be configured to allow only WPA enabled clients to access the network Required or to ...

Страница 141: ...m the VAP interface configuration mode use the auth wpa psk required command to enable WPA Pre shared Key security To enter a key value use the wpa pre shared key command to specify a hexadecimal or alphanumeric key To view the current security settings use the show interface wireless a 0 3 or show interface wireless g 0 3 command not shown in example Enterprise AP config interface wireless g 7 88...

Страница 142: ...6 Enterprise AP if wireless g VAP 0 802 1X session timeout 300 7 67 Enterprise AP if wireless g VAP 0 Configuring 802 1X IEEE 802 1X is a standard framework for network access control that uses a central RADIUS server for user authentication This control feature prevents unauthorized access to the network by requiring an 802 1X client application to submit user credentials for authentication The 8...

Страница 143: ...s not initiate 802 1X authentication For clients initiating 802 1X only those successfully authenticated are allowed to access the network For those clients not initiating 802 1X access to the network is allowed after successful wireless association with the access point The 802 1X supported mode allows access for clients not using WPA or WPA2 security Required The access point enforces 802 1X aut...

Страница 144: ...t key refresh rate 5 7 66 Enterprise AP if wireless g VAP 0 802 1X session key refresh rate 5 7 67 Enterprise AP if wireless g VAP 0 802 1X session timeout 300 7 67 Enterprise AP Status Information The Status page includes information on the following items Menu Description Page AP Status Displays configuration settings for the basic system and the wireless interface 6 90 Station Status Shows the ...

Страница 145: ...C The physical layer address for the 802 11b g interface System Name Name assigned to this system System Contact Administrator responsible for the system IP Address IP address of the management interface for this device IP Default Gateway IP address of the gateway router between this device and management stations that exist on other network segments HTTP Server Shows if management access via HTTP...

Страница 146: ...tings To view the current access point system settings use the show system command from the Exec mode To view the current radio interface settings use the show interface wireless a or show interface wireless g command see page 7 111 Enterprise AP show system 7 23 System Information Serial Number A123456789 System Up time 0 days 4 hours 33 minutes 29 seconds System Name Enterprise Wireless AP Syste...

Страница 147: ...Privacy WEP to verify client identity by distributing a shared key to stations before attempting authentication Associated Shows if the station has been successfully associated with the access point Once authentication is completed stations can associate with the current access point or reassociate with a new access point The association procedure allows the wireless system to track the location o...

Страница 148: ...mation if wireless A VAP 0 802 11a Channel Auto No 802 11a Channel Stations if wireless A VAP 1 802 11a Channel Auto No 802 11a Channel Stations No 802 11a Channel Stations if wireless A VAP 3 802 11a Channel Auto No 802 11a Channel Stations if wireless G VAP 0 802 11g Channel Auto No 802 11g Channel Stations if wireless G VAP 1 802 11g Channel Auto No 802 11g Channel Stations No 802 11g Channel S...

Страница 149: ...r Messages An example of a logged error message is Station Failed to authenticate unsupported algorithm This message may be caused by any of the following conditions Access point was set to Open Authentication but a client sent an authentication request frame with a Shared key Access point was set to Shared Key Authentication but a client sent an authentication frame for Open System WEP keys do no...

Страница 150: ...om the Global Configuration mode Enterprise AP show event log 7 33 Mar 09 11 57 55 Information 802 11g 11g Radio Interface Enabled Mar 09 11 57 55 Information 802 11g Radio channel updated to 8 Mar 09 11 57 34 Information 802 11g 11g Radio Interface Enabled Mar 09 11 57 18 Information 802 11g 11g Radio Interface Enabled Mar 09 11 56 35 Information 802 11a 11a Radio Interface Enabled Mar 09 11 55 5...

Страница 151: ...ach port ID Displays the port ID number Priority The priority designated to the specified port Path Cost Displays the path cost value for the specified port Status Displays if STP is enabled or disabled for the specified port State Display the STP state for the specified port 6 97 ...

Страница 152: ...6 System Configuration 6 98 ...

Страница 153: ...gin screen displays Username admin Password Enterprise AP Caution Command examples shown later in this chapter abbreviate the console prompt to AP for simplicity Telnet Connection Telnet operates over the IP transport protocol In this environment your management station and any network device you want to manage over the network must have a valid IP address Valid IP addresses consist of four number...

Страница 154: ... the Telnet command the login screen displays Username admin Password Enterprise AP Caution You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show i...

Страница 155: ...w displays a list of possible show commands Enterprise AP show APmanagement Show management AP information authentication Show Authentication parameters bootfile Show bootfile name bridge Show bridge config System snapshot for tech support dhcp relay Show DHCP Relay Configuration event log Show event log on console filters Show filters hardware Show hardware version history Display the session his...

Страница 156: ...mands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands g...

Страница 157: ...on and include command such as dns and ip Interface Wireless Configuration IC W These commands modify the wireless port configuration of global parameters for the radio and include commands such as channel and transmit power Interface Wireless Virtual Access Point Configuration IC W VAP These commands modify the wireless port configuration for each VAP and include commands such as ssid and authent...

Страница 158: ...rent command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Shows the last command Ctrl R Repeats current command line on a new line Ctrl U Deletes the entire line Ctrl W Deletes the last word typed Esc B Moves the cursor backward one word Esc D Deletes from the cursor to the end of the word Esc F Moves the cursor forward one word Delete key or backspace key Er...

Страница 159: ...encryption settings 7 114 Rogue AP Detection Configures settings for the detection of rogue access points in the network 7 114 Link Integrity Configures a link check to a host device on the wired network 7 128 IAPP Enables roaming between multi vendor access points 7 132 VLANs Configures VLAN membership 7 133 WMM Configures WMM quality of service parameters 7 135 The access mode shown in the follo...

Страница 160: ...lt Setting None Command Mode Exec Example Enterprise AP configure Enterprise AP config Related Commands end 7 8 end This command returns to the previous configuration mode Default Setting None Command Mode Global Configuration Interface Configuration Example This example shows how to return to the Configuration mode from the Interface Configuration mode Enterprise AP if ethernet end Enterprise AP ...

Страница 161: ...ng None Command Mode Exec Command Usage Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this desti...

Страница 162: ...ys run the Power On Self Test Example This example shows how to reset the system Enterprise AP reset board Reboot system now y n y show history This command shows the contents of the command history buffer Default Setting None Command Mode Exec Command Usage The history buffer size is fixed at 10 commands Use the up or down arrow keys to scroll through the commands in the history buffer Example In...

Страница 163: ...e Designation prompt Customizes the command line prompt GC 7 14 system name Specifies the host name for the access point GC 7 14 snmp server contact Sets the system contact string GC 7 41 snmp server location Sets the system location string GC 7 42 Management Access username Configures the user name for management access GC 7 15 password Specifies the password for management access GC 7 15 ip ssh ...

Страница 164: ...ration information for the system Exec 7 24 show hardware Displays the access point s hardware version Exec 7 28 country This command configures the access point s country code which identifies the country of operation and sets the authorized radio channels Syntax country country_code country_code A two character code that identifies the country of operation See the following table for a full list...

Страница 165: ...Chile CL Ireland IE Pakistan PK United States US China CN Israel IL Panama PA Uruguay UY Colombia CO Italy IT Peru PE Uzbekistan UZ Costa Rica CR Japan JP Philippines PH Yemen YE Croatia HR Jordan JO Poland PL Venezuela VE Cyprus CY Kazakhstan KZ Portugal PT Vietnam VN Czech Republic CZ North Korea KP Puerto Rico PR Zimbabwe ZW Denmark DK Korea Republic KR Slovenia SI Elsalvador SV Luxembourg LU S...

Страница 166: ...o prompt string Any alphanumeric string to use for the CLI prompt Maximum length 32 characters Default Setting Enterprise AP Command Mode Global Configuration Example Enterprise AP config prompt RD2 RD2 config system name This command specifies or modifies the system name for this device Use the no form to restore the default system name Syntax system name name no system name name The name of this...

Страница 167: ...dmin Command Mode Global Configuration Example Enterprise AP config username bob Enterprise AP config password After initially logging onto the system you should set the password Remember to record it in a safe place Use the no form to reset the default password Syntax password password no password password Password for management access Length 3 16 characters case sensitive Default Setting smcadm...

Страница 168: ...ate host encryption keys The SSH server is disabled while the keys are being generated The show system command displays the status of the SSH server Example Enterprise AP if ethernet ip ssh server enable Enterprise AP if ethernet ip ssh server port This command sets the Secure Shell server port Use the no form to disable the server Syntax ip ssh server port port number port number The UDP port use...

Страница 169: ...AP if ethernet ip telnet server enable Enterprise AP if ethernet ip http port This command specifies the TCP port number used by the web browser interface Use the no form to use the default port Syntax ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1024 65535 Default Setting 80 Command Mode Global Configuration Example Enterprise AP conf...

Страница 170: ...rise AP config ip http server Enterprise AP config Related Commands ip http port 7 17 ip http session timeout This command sets the time limit for an idle web interface session Syntax ip http session timeout time time Sets the web interface session timeout Range 0 1800 seconds 0 means disabled Default Setting 300 seconds Command Mode Global Configuration Example Enterprise AP config ip http sessio...

Страница 171: ...se the same port To avoid using common reserved TCP port numbers below 1024 the configurable range is restricted to 443 and between 1024 and 65535 If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Enterprise AP config ip https port 1234 Enterprise AP config ip https server Us...

Страница 172: ...TTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for ...

Страница 173: ...interface on the access point from an invalid address the unit will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the sa...

Страница 174: ...bles the selected management access method Default Setting All enabled Command Mode Global Configuration Example This example restricts management access to the indicated addresses Enterprise AP config apmgmtui SNMP enable Enterprise AP config show apmanagement This command shows the AP management configuration including the IP addresses of management stations allowed to access the access point as...

Страница 175: ...ontact System Country Code US UNITED STATES MAC Address 00 30 F1 F0 9A 9C IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP Client ENABLED HTTP Server ENABLED HTTP Server Port 80 HTTPS Server ENABLED HTTPS Server Port 443 Slot Status Dual band a g Boot Rom Version v3 0 3 Software Version v4 3 1 9 SSH Server ...

Страница 176: ...le Enterprise AP show config Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering ALLOWED System Default ALLOW addresses not found in filter table Filter Table No Filter Entries Bootfile Information Bootfile ec img bin Protocol Filter Information ...

Страница 177: ...0 5 dBm Data Rate 54Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs DTIM Interval 1 beacon Maximum Association 64 stations Native VLAN ID 1 Security Closed System DISABLED Multicast cipher WEP Unicast cipher TKIP and AES WPA clients REQUIRED WPA Key Mgmt Mode PRE SHARED KEY WPA PSK Key Type ALPHANUMERIC Encryption DISABLED Default Transmit Key 1 Static Keys...

Страница 178: ... 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Radius Secondary Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX SNMP Information Service State Disable Community ro Community rw Location Contact Contact EngineId 80 00 07 e5 80 00 00 29 f6 00 00 00 0c EngineBoots 2 Trap Destination...

Страница 179: ...sabled SNTP server 1 IP 137 92 140 80 SNTP server 2 IP 192 43 244 18 Current Time 00 14 Jan 1st 1970 Time Zone 5 BOGOTA EASTERN INDIANA Daylight Saving Disabled Station Table Information if wireless A VAP 0 802 11a Channel Auto N o 802 11a Channel Stations if wireless G VAP 0 802 11g Channel Auto N o 802 11g Channel Stations System Information Serial Number System Up time 0 days 0 hours 16 minutes...

Страница 180: ...g on the access point Table 7 6 System Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 7 29 logging host Adds a syslog server host IP address that will receive logging messages GC 7 29 logging console Initiates logging of error messages to the console GC 7 30 logging level Defines the minimum severity level for event logging GC 7 30 logging facility typ...

Страница 181: ...e stored in memory Example Enterprise AP config logging on Enterprise AP config logging host This command specifies syslog servers host that will receive logging messages Use the no form to remove syslog server host Syntax logging host 1 2 3 4 host_name host_ip_address udp_port no logging host 1 2 3 4 1 First syslog server 2 Second syslog server 3 Third syslog server 4 Fourth syslog server host_na...

Страница 182: ... to the console Syntax logging console no logging console Default Setting Disabled Command Mode Global Configuration Example Enterprise AP config logging console Enterprise AP config logging level This command sets the minimum severity level for event logging Syntax logging level Emergency Alert Critical Error Warning Notice Informational Debug Default Setting Informational Command Mode Global Con...

Страница 183: ...tions e g return false unexpected return Notice Normal but significant condition such as cold start Informational Informational messages only Debug Debugging messages Example Enterprise AP config logging level alert Enterprise AP config logging facility type This command sets the facility type for remote logging of syslog messages Syntax logging facility type type type A number that indicates the ...

Страница 184: ...ears all log messages stored in the access point s memory Syntax logging clear Command Mode Global Configuration Example Enterprise AP config logging clear Enterprise AP config show logging This command displays the logging configuration Syntax show logging Command Mode Exec Example Enterprise AP show logging Logging Information Syslog State Enabled Logging Console State Enabled Logging Level Aler...

Страница 185: ...mation 802 11a 11a Radio Interface Disabled Mar 09 11 55 40 Information 802 11a Transmit Power set to QUARTER Press n next p previous a abort y continue to end Enterprise AP configure Enter configuration commands one per line End with CTRL Z Enterprise AP config logging clear System Clock Commands These commands are used to configure SNTP and system clock settings on the access point Table 7 7 Sys...

Страница 186: ...abled using the sntp server enable command the sntp server ip command specifies the time servers from which the access point polls for time updates The access point will poll the time servers in the order specified until a response is received Example Enterprise AP config sntp server ip 10 1 0 19 Enterprise AP Related Commands sntp server enable 7 34 show sntp 7 37 sntp server enable This command ...

Страница 187: ...ple Enterprise AP config sntp server enable Enterprise AP config Related Commands sntp server ip 7 34 show sntp 7 37 sntp server date time This command sets the system clock Default Setting 00 14 00 January 1 1970 Command Mode Global Configuration Example This example sets the system clock to 17 37 June 19 2003 Enterprise AP sntp server date time Enter Year 1970 2100 2003 Enter Month 1 12 6 Enter ...

Страница 188: ...specified period Example This sets daylight savings time to be used from July 1st to September 1st Enterprise AP config sntp server daylight saving Enter Daylight saving from which month 1 12 6 and which day 1 31 1 Enter Daylight saving end to which month 1 12 9 and which day 1 31 1 Enterprise AP config sntp server timezone This command sets the time zone for the access point s internal clock Synt...

Страница 189: ...and minutes your time zone is east before or west after of UTC Example Enterprise AP config sntp server timezone 8 Enterprise AP config show sntp This command displays the current time and configuration settings for the SNTP client Command Mode Exec Example Enterprise AP show sntp SNTP Information Service State Enabled SNTP server 1 IP 137 92 140 80 SNTP server 2 IP 192 43 244 18 Current Time 08 0...

Страница 190: ... dhcp relay enable Enables the DHCP relay agent GC 7 38 dhcp relay Sets the primary and secondary DHCP server address GC 7 39 show dhcp relay Shows current DHCP relay configuration settings Exec 7 39 dhcp relay enable This command enables the access point s DHCP relay agent Use the no form to disable the agent Syntax no dhcp relay enable Default Setting Disabled Command Mode Global Configuration C...

Страница 191: ...ddress IP address of the server Default Setting Primary and secondary 0 0 0 0 Command Mode Global Configuration Example Enterprise AP config dhcp relay primary 192 168 1 10 Enterprise AP config show dhcp relay This command displays the current DHCP relay configuration Command Mode Exec Example Enterprise AP show dhcp relay DHCP Relay ENABLED Primary DHCP Server 192 168 1 10 Secondary DHCP Server 0...

Страница 192: ...ications GC 7 44 snmp server engine id Sets the engine ID for SNMP v3 GC 7 45 snmp server user Sets the name of the SNMP v3 user GC 7 46 snmp server targets Configures SNMP v3 notification targets GC 7 48 snmp server filter Configures SNMP v3 notification filters GC 7 49 snmp server filter assignments Assigns SNMP v3 notification filters to targets GC 7 50 show snmp groups Displays the pre defined...

Страница 193: ...re able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw option the default is read only Exam...

Страница 194: ...ation text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Enterprise AP config snmp server location WC 19 Enterprise AP config Related Commands snmp server contact 7 41 snmp server enable server This command enables SNMP management access and also enables this device to send SNMP traps i e notifications Use the...

Страница 195: ...t Syntax snmp server host 1 2 3 4 host_ip_address host_name community string no snmp server host 1 First SNMP host 2 Second SNMP host 3 Third SNMP host 4 Fourth SNMP host host_ip_address IP of the host the targeted recipient host_name Name of the host Range 1 63 characters community string Password like community string sent with the notification operation Although you can set this string using th...

Страница 196: ...1StationAuthentication A client station has been successfully authenticated dot11StationReAssociation A client station has successfully re associated with the access point dot11StationRequestFail A client station has failed association re association or authentication dot1xAuthFail A 802 1X client station has failed RADIUS authentication dot1xAuthNotInitiated A client station did not initiate 802 ...

Страница 197: ...erChanged The access point has changed from the primary RADIUS server to the secondary or from the secondary to the primary sysSystemDown The access point is about to shutdown and reboot sysSystemUp The access point is up and running Default Setting All traps enabled Command Mode Global Configuration Command Usage This command is used in conjunction with the snmp server host and snmp server enable...

Страница 198: ...er user user name user name A user defined string for the SNMP user 32 characters maximum Default Setting None Command Mode Global Configuration Command Usage Up to 10 SNMPv3 users can be configured on the access point The SNMP engine ID is used to compute the authentication privacy digests from the pass phrase You should therefore configure the engine ID with the snmp server engine id command bef...

Страница 199: ... none auth passphrase The user password required when authentication is used 8 32 characters priv proto The encryption type used for SNMP data encryption des or none priv passphrase The user password required when data encryption is used 8 32 characters Users must be assigned to groups that have the same security levels If a user who has AuthPriv security uses authentication and encryption is assi...

Страница 200: ...name The defined SNMP v3 user name that is to receive notifications version The SNMP version of notifications Currently only version 3 is supported in this command udp port The UDP port that is used on the receiving management station for notifications notification type The type of notification that is sent Currently only TRAP is supported Default Setting None Command Mode Global Configuration Com...

Страница 201: ...ws up to 10 notification filters to be created Each filter can be defined by up to 20 MIB subtree ID entries Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects Note that the filter entries are applied in the sequence that they are defined The MIB subtree must be defined in the form 1 3 6 1 and always start with a The mask is a he...

Страница 202: ...ers filter id A user defined name that identifies an SNMP v3 notification filter Maximum length 32 characters Default Setting None Command Mode Global Configuration Example Enterprise AP config snmp server filter assignments mytraps trapfilter Enterprise AP config exit Enterprise AP show snmp target Host ID mytraps User chris IP Address 192 168 1 33 UDP Port 162 Enterprise AP show snmp filter assi...

Страница 203: ...tyLevel AuthPriv Enterprise AP show snmp users This command displays the SNMP v3 users and settings Syntax show snmp users Command Mode Exec Example Enterprise AP show snmp users UserName chris GroupName RWPriv AuthType MD5 Passphrase PrivType DES Passphrase Enterprise AP show snmp group assignments This command displays the SNMP v3 user group assignments Syntax show snmp group assignments Command...

Страница 204: ...mp target Host ID mytraps User chris IP Address 192 168 1 33 UDP Port 162 Enterprise AP show snmp filter This command displays the SNMP v3 notification filter settings Syntax show snmp filter filter id filter id A user defined name that identifies an SNMP v3 notification filter Maximum length 32 characters Command Mode Exec Example Enterprise AP show snmp filter Filter trapfilter Type include Subt...

Страница 205: ...Commands 7 This command displays the SNMP v3 notification filter assignments Syntax show snmp filter assignments Command Mode Exec Example Enterprise AP show snmp filter assignments HostID FilterID Enterprise AP mytraps trapfilter 7 53 ...

Страница 206: ...e Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuccess EnablediappContextDataSent Enabled iappStationRoamedFrom Enabled iapp...

Страница 207: ...n flash memory Exec 7 58 show bootfile Displays the name of the current operation code file that booted the system Exec 7 58 bootfile This command specifies the image used to start up the system Syntax bootfile filename filename Name of the image file Default Setting None Command Mode Exec Command Usage The file name should not contain slashes or the leading letter of the file name should not be a...

Страница 208: ...on file from flash memory Default Setting None Command Mode Exec Command Usage The system prompts for data required to complete the copy command Only a configuration file can be uploaded to an FTP TFTP server but every type of file can be downloaded to the access point The destination file name should not contain slashes or the leading letter of the file name should not be a period and the maximum...

Страница 209: ... Command Mode Exec Caution Beware of deleting application images from flash memory At least one application image is required in order to boot the access point If there are multiple image files in flash memory and the one used to boot the access point is deleted be sure you first use the bootfile command to update the application image file booted at startup before you reboot the access point Exam...

Страница 210: ...bytes Example The following example shows how to display all file information Enterprise AP dir File Name Type File Size dflt img bin 2 1044140 syscfg 5 16860 syscfg_bak 5 16860 zz img bin 2 1044140 1048576 byte s available Enterprise AP show bootfile This command displays the name of the current operation code file that booted the system Syntax show snmp filter assignments Command Mode Exec Examp...

Страница 211: ...retries GC 7 61 radius server timeout Sets the interval between sending authentication requests GC 7 61 radius server port accounting Sets the RADIUS Accounting server network port GC 7 62 radius server timeout interim Sets the interval between transmitting accounting updates to the RADIUS server GC 7 62 radius server radius mac format Sets the format for specifying MAC addresses on the RADIUS ser...

Страница 212: ... Range 1024 65535 Default Setting 1812 Command Mode Global Configuration Example Enterprise AP config radius server port 181 Enterprise AP config radius server key This command sets the RADIUS encryption key Syntax radius server secondary key key_string secondary Secondary server key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum le...

Страница 213: ...nfiguration Example Enterprise AP config radius server retransmit 5 Enterprise AP config radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Syntax radius server secondary timeout number_of_seconds secondary Secondary server number_of_seconds Number of seconds the access point waits for a reply before resending a request Range 1 60...

Страница 214: ...a RADIUS accounting session is automatically started for each user that is successfully authenticated to the access point Example Enterprise AP config radius server port accounting 1813 Enterprise AP config radius server timeout interim This command sets the interval between transmitting accounting updates to the RADIUS server Syntax radius server secondary timeout interim number_of_seconds second...

Страница 215: ...iter Enter MAC addresses in the form xxxxxxxxxxxx single dash Enter MAC addresses in the form xxxxxx xxxxxx Default Setting No delimiter Command Mode Global Configuration Example Enterprise AP config radius server radius mac format multi dash Enterprise AP config radius server vlan format This command sets the format for specifying VLAN IDs on the RADIUS server Syntax radius server vlan format hex...

Страница 216: ...d Mode Exec Example Enterprise AP show radius Radius Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Radius Secondary Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Enterprise AP 7 64 ...

Страница 217: ...ons using 802 1X dynamic keying IC W VAP 7 66 802 1x session key refresh rate Sets the interval at which unicast session keys are refreshed for associated stations using dynamic keying IC W VAP 7 67 802 1x session timeout Sets the timeout after which a connected client must be re authenticated IC W VAP 7 67 802 1x supplicant enable Enables the access point to operate as a 802 1X supplicant GC 7 66...

Страница 218: ...quired the access point enforces 802 1X authentication for all 802 11 associated stations If 802 1X authentication is not initiated by the station the access point will initiate authentication Only those stations successfully authenticated with 802 1X are allowed to access the network 802 1X does not apply to the 10 100Base TX port Example Enterprise AP config 802 1x supported Enterprise AP config...

Страница 219: ...sword no 802 1x supplicant user username The access point name used for authentication to the network Range 1 32 alphanumeric characters password The MD5 password used for access point authentication Range 1 32 alphanumeric characters Default None Command Mode Global Configuration Command Usage The access point currently only supports EAP MD5 CHAP for 802 1X supplicant authentication Example Enter...

Страница 220: ...tication Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering ALLOWED System Default ALLOW addresses not found in filter table Filter Table MAC Address Status 00 70 50 cc 99 1a DENIED 00 70 50 cc 99 1b ALLOWED Enterprise AP config 7 68 ...

Страница 221: ...e Removes a MAC address from the filter table GC 7 70 mac authentication server Sets address filtering to be performed with local or remote options GC 7 71 mac authentication session timeout Sets the interval at which associated clients will be re authenticated with the RADIUS server authentication database GC 7 71 show authentication Shows all 802 1X authentication settings as well as the address...

Страница 222: ... Global Configuration Command Mode The access point supports up to 1024 MAC addresses An entry in the address table may be allowed or denied access depending on the global setting configured for the address entry default command Example Enterprise AP config address filter entry 00 70 50 cc 99 1a allowed Enterprise AP config Related Commands address filter default 7 69 802 1x supplicant user 7 67 a...

Страница 223: ...n database during 802 11 association remote Authenticate the MAC address of wireless clients with the RADIUS server during 802 1X authentication Default Disabled Command Mode Global Configuration Example Enterprise AP config mac authentication server remote Enterprise AP config Related Commands address filter entry 7 70 radius server address 7 59 802 1x supplicant user 7 67 mac authentication sess...

Страница 224: ...ommands Command Function Mode Page filter local bridge Disables communication between wireless clients GC 7 73 filter ap manage Prevents wireless clients from accessing the management interface GC 7 73 filter uplink enable Ethernet port MAC address filtering GC 7 74 filter uplink Adds or deletes a MAC address from the filtering table GC 7 74 filter ethernet type enable Checks the Ethernet type for...

Страница 225: ...ents can communicate with clients associated to other VAP interfaces Default Disabled Command Mode Global Configuration Command Usage This command can disable wireless to wireless communications between clients via the access point However it does not affect communications between wireless clients and the wired network Example Enterprise AP config filter local bridge Enterprise AP config filter ap...

Страница 226: ... add delete MAC address MAC address Specifies a MAC address in the form xx xx xx xx xx xx A maximum of four addresses can be added to the filtering table Default Disabled Command Mode Global Configuration Example Enterprise AP config filter uplink add 00 12 34 56 78 9a Enterprise AP config filter ethernet type enable This command checks the Ethernet type on all incoming and outgoing Ethernet packe...

Страница 227: ...et type protocol protocol protocol An Ethernet protocol type Options ARP RARP Berkeley Trailer Negotiation LAN Test X25 Level 3 Banyan CDP DEC XNS DEC MOP Dump Load DEC MOP DEC LAT Ethertalk Appletalk ARP Novell IPX old Novell IPX new EAPOL Telxon TXP Aironet DDP Enet Config Test IP IPv6 NetBEUI PPPoE_Discovery PPPoE_PPP_Session Default None Command Mode Global Configuration Command Usage Use the ...

Страница 228: ...ion System WDS forwarding table settings Command Function Mode Page bridge mode Selects Master or Slave mode IC W 7 77 bridge role Selects the bridge operation mode for a radio interface IC W 7 77 bridge channel auto sync Automatically finds the parent bridge operating channel IC W 7 78 bridge link parent Configures the MAC addresses of the parent bridge node IC W 7 78 bridge link child Configures...

Страница 229: ... extending the range for remote wireless clients and connecting them to the root bridge The Parent link to the root bridge must be configured In this mode traffic is not forwarded to the Ethernet port from the radio interface bridge Operates as a bridge to other access points also in bridge mode root bridge Operates as the root bridge in the wireless bridge network Default Setting AP Command Mode ...

Страница 230: ... the operating channel of its parent bridge Caution Do not enable Channel Auto Sync on a master bridge if there is no root bridge acting as the master bridge s parent Syntax bridge channel auto sync enable disable enable The bridge will automatically search and find the operating channel of its parent disable The bridge must have the operating channel manually set to the operating channel of its p...

Страница 231: ...the child node Range 1 6 mac address The wireless MAC address of a child bridge unit 12 hexadecimal digits in the form xx xx xx xx xx xx Default Setting None Command Mode Interface Configuration Wireless Command Usage In root bridge mode up to six child bridge links can be specified using link index numbers 1 to 6 In bridge mode up to five child links can be specified using link index numbers 2 to...

Страница 232: ...conds Command Mode Global Configuration Command Usage If the MAC address of an entry in the address table is not seen on the associated interface for longer than the aging time the entry is discarded Example Enterprise AP config bridge dynamic entry age time 100 Enterprise AP config show bridge aging time This command displays the current WDS forwarding table aging time setting Command Mode Exec E...

Страница 233: ...0 30 f1 f0 9b 23 1 0 1 300 300 Static 00 30 f1 f0 9b 24 1 0 1 300 300 Static 00 30 f1 f0 9b 25 1 0 1 300 300 Static 00 30 f1 f0 9b 26 1 0 1 300 300 Static 00 30 f1 f0 9b 27 1 0 1 300 300 Static 00 30 f1 2f be 30 1 3 0 300 175 Dynamic 00 30 f1 f0 9a 9c 1 0 1 300 300 Static ff ff ff ff ff ff 0 4 4095 300 300 Static Enterprise AP show bridge link This command displays WDS bridge link and spanning tre...

Страница 234: ...te Disabled priority 0 path cost 19 message age Timer Inactive message age 4469 designated root priority 32768 MAC 00 30 F1 F0 9A 9C designated cost 0 designated bridge priority 32768 MAC 00 30 F1 F0 9A 9C designated port priority 0 port No 11 forward transitions 0 Enterprise AP Enterprise AP show bridge link ethernet status Enabled state Forwarding priority 0 path cost 19 message age Timer Inacti...

Страница 235: ...ge GC 7 85 bridge stp priority Configures the spanning tree bridge priority GC 7 85 bridge link path cost Configures the spanning tree path cost of a port IC 7 86 bridge link port priority Configures the spanning tree priority of a port IC 7 86 show bridge stp Displays the global spanning tree settings Exec 7 87 show bridge link Displays current bridge settings for specified interfaces Exec 7 81 b...

Страница 236: ...t receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding state otherwise temporary data loops might result Example Enterprise AP config bridge stp forwarding delay 20 Enterprise AP config bridge stp hello time Use this command to configure the spanning tree brid...

Страница 237: ...econds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the d...

Страница 238: ...dge Range 1 6 required on wireless interface only cost The path cost for the port Range 1 65535 Default Setting 19 Command Mode Interface Configuration Command Usage This command is used by the Spanning Tree Protocol to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost ...

Страница 239: ...ireless a bridge link port priority 1 64 Enterprise AP if wireless a Related Commands bridge link path cost 7 86 show bridge stp This command displays aging time and spanning tree settings for the Ethernet and wireless interfaces Syntax show bridge stp Command Mode Exec Example Enterprise AP show bridge stp Bridge MAC 00 12 CF 05 B7 84 Status Disabled priority 0 designated root priority 0 MAC 00 0...

Страница 240: ...7 89 ip address Sets the IP address for the Ethernet interface IC E 7 89 ip dhcp Submits a DHCP request for an IP address IC E 7 90 speed duplex Configures speed and duplex operation on the Ethernet interface IC E 7 91 shutdown Disables the Ethernet interface IC E 7 92 show interface ethernet Shows the status for the Ethernet interface Exec 7 92 interface ethernet This command enters Ethernet inte...

Страница 241: ...servers are queried in sequence Example This example specifies two domain name servers Enterprise AP if ethernet dns primary server 192 168 1 55 Enterprise AP if ethernet dns secondary server 10 1 0 55 Enterprise AP if ethernet Related Commands show interface ethernet 7 92 ip address This command sets the IP address for the access point Use the no form to restore the default IP address Syntax ip a...

Страница 242: ... be accepted by the configuration program Example Enterprise AP config interface ethernet Enter Ethernet configuration commands one per line Enterprise AP if ethernet ip address 192 168 1 2 255 255 255 0 192 168 1 253 Enterprise AP if ethernet Related Commands ip dhcp 7 90 ip dhcp This command enables the access point to obtain an IP address from a DHCP server Use the no form to restore the defaul...

Страница 243: ...lex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the default Syntax speed duplex auto 10MH 10MF 100MF 100MH auto autonegotiate speed and duplex mode 10MH Forces 10 Mbps half duplex operation 10MF Forces 10 Mbps full duplex operation 100MH Forces 100 Mbps half duplex operation 100MF Forces 100 Mbps full duplex ope...

Страница 244: ...ble the Ethernet port due to abnormal behavior e g excessive collisions and reenable it after the problem has been resolved You may also want to disable the Ethernet port for security reasons Example The following example disables the Ethernet port Enterprise AP if ethernet shutdown Enterprise AP if ethernet show interface ethernet This command displays the status for the Ethernet interface Syntax...

Страница 245: ...face configuration mode IC W 7 95 speed Configures the maximum data rate at which the access point transmits unicast packets IC W 7 96 turbo Configures turbo mode to use a faster data rate IC W a 7 96 multicast data rate Configures the maximum rate for transmitting multicast packets on the wireless interface IC W 7 97 channel Configures the radio channel IC W 7 98 transmit power Adjusts the power ...

Страница 246: ...roprietary Super G performance enhancements IC W b g 7 106 description Adds a description to the wireless interface IC W VAP 7 107 ssid Configures the service set identifier IC W VAP 7 107 closed system Opens access to clients without a pre configured SSID IC W VAP 7 108 max association Configures the maximum number of clients that can be associated with the access point at the same time IC W VAP ...

Страница 247: ...To specify the 802 11a interface enter the following command Enterprise AP config interface wireless a Enterprise AP if wireless a vap This command provides access to the VAP Virtual Access Point interface configuration mode Syntax vap vap id vap id The number that identifies the VAP interface Options 0 3 Default Setting None Command Mode Interface Configuration Wireless Example Enterprise AP if w...

Страница 248: ... to the table for maximum distances on page C 6 When turbo mode is enabled page 7 107 for 802 11a the effective maximum speed specified by this command is double the entered value e g setting the speed to 54 Mbps limits the effective maximum speed to 108 Mbps Example Enterprise AP if wireless g speed 6 Enterprise AP if wireless g turbo This command sets the access point to an enhanced proprietary ...

Страница 249: ...d to 40 MHz to support the increased data rate However this reduces the number of channels supported e g 5 channels for the United States Example Enterprise AP if wireless a turbo Enterprise AP if wireless a multicast data rate This command configures the maximum data rate at which the access point transmits multicast and management packets excluding beacon packets on the wireless interface Syntax...

Страница 250: ...number of channels that are available When multiple access points are deployed in the same area be sure to choose a channel separated by at least two channels for 802 11a to avoid having the channels interfere with each other and at least five channels for 802 11b g You can deploy up to four access points in the same area for 802 11a e g channels 36 56 149 165 and three access points for 802 11b g...

Страница 251: ...operating mode for the 802 11g wireless interface Syntax radio mode b g b g b b only mode Both 802 11b and 802 11g clients can communicate with the access point but 802 11g clients can only transfer data at 802 11b standard rates up to 11 Mbps g g only mode Only 802 11g clients can communicate with the access point up to 54 Mbps b g b g mixed mode Both 802 11b and 802 11g clients can communicate w...

Страница 252: ...g Sets the preamble to short if no 802 11b clients are detected 96 microseconds Default Setting Short or Long Command Mode Interface Configuration Wireless 802 11b g Command Usage Using a short preamble instead of a long preamble can increase data throughput on the access point but requires that all clients can support a short preamble Set the preamble to long to ensure the access point can suppor...

Страница 253: ...optional external antenna that is connected to the right antenna connector Default Setting Diversity Command Mode Interface Configuration Wireless Command Usage The antenna ID must be selected in conjunction with the antenna control method to configure proper use of any of the antenna options Example Enterprise AP if wireless g antenna control right Enterprise AP if wireless g antenna id This comm...

Страница 254: ...is indicated as id 0x0000 module NA Example Enterprise AP if wireless g antenna id id 0x0000 module NA id 0x0106 module ACC04 050090 Directional Panel Ant id 0x0107 module ACC04 05028A Omni Directional Ant id 0x0108 module ACC04 05427A Omni Directional Ant id 0x0109 module ACC04 053830 0 Degree Sector Ant Enterprise AP if wireless g antenna id 0000 Enterprise AP if wireless g antenna location This...

Страница 255: ...f wireless g dtim period This command configures the rate at which stations in sleep mode must wake up to receive broadcast multicast transmissions Syntax dtim period interval interval Interval between the beacon frames that transmit broadcast or multicast traffic Range 1 255 beacon frames Default Setting 1 Command Mode Interface Configuration Wireless Command Usage The Delivery Traffic Indication...

Страница 256: ...ength Minimum packet size for which fragmentation is allowed Range 256 2346 bytes Default Setting 2346 Command Mode Interface Configuration Wireless Command Usage If the packet size is smaller than the preset Fragment size the packet will not be segmented Fragmentation of the PDUs Package Data Unit can increase the reliability of transmissions because it increases the probability of a successful t...

Страница 257: ...ds RTS signals If set to 2347 the access point never sends RTS signals If set to any other value and the packet size equals or exceeds the RTS threshold the RTS CTS Request to Send Clear to Send mechanism will be enabled The access point sends RTS frames to a receiving station to negotiate the sending of a data frame After receiving an RTS frame the station sends a CTS frame to notify the sending ...

Страница 258: ...ns to Atheros compatible clients Example Enterprise AP if wireless a super a Enterprise AP if wireless a super g This command enables Atheros proprietary Super G performance enhancements Use the no form to disable this function Syntax no super g Default Setting Disabled Command Mode Interface Configuration Wireless 802 11g Command Usage These enhancements include bursting compression fast frames a...

Страница 259: ...ise AP if wireless g VAP 0 description RD AP 3 Enterprise AP if wireless g VAP 0 ssid This command configures the service set identifier SSID Syntax ssid string string The name of a basic service set supported by the access point Range 0 7 characters Default Setting 802 11a Radio VAP_TEST_11A 0 to 3 802 11g Radio VAP_TEST_11G 0 to 3 Command Mode Interface Configuration Wireless VAP Command Usage C...

Страница 260: ...on messages Nor will it respond to probe requests from clients that do not include a fixed SSID Example Enterprise AP if wireless g VAP 0 closed system Enterprise AP if wireless g max association This command configures the maximum number of clients that can be associated with the access point at the same time Syntax max association count count Maximum number of associated stations Range 0 64 Defa...

Страница 261: ...ss g VAP 0 association timeout interval 20 Enterprise AP if wireless g VAP 0 auth timeout value This command configures the time interval within which clients must complete authentication to the VAP interface Syntax auth timeout value minutes minutes The number of minutes before re authentication Range 5 60 Default Setting 60 Command Mode Interface Configuration Wireless VAP Example Enterprise AP ...

Страница 262: ...e enabled Command Mode Interface Configuration Wireless VAP Command Usage You must first enable VAP interface 0 before you can enable VAP interfaces 1 2 3 4 5 6 or 7 Example Enterprise AP if wireless g VAP 0 shutdown Enterprise AP if wireless g 7 110 ...

Страница 263: ...ion Method CTS only Transmit Power FULL 16 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Preamble Length LONG Maximum Association 64 stations MIC Mode Software Super G Disabled VLAN ID 1 Security Close...

Страница 264: ...FSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 2 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 2 Admission Control No TXOP Limit 1 504 ms WMM AP Parameters AC0 Best Effort logCwMin 4 logCwMax 6 AIFSN 3 Admission Control No TXOP Limit 0 000 ms...

Страница 265: ...P 0 802 11a Channel 60 No 802 11a Channel Stations if wireless G VAP 0 802 11g Channel 1 802 11g Channel Station Table Station Address 00 04 23 94 9A 9C VLAN ID 0 Authenticated Associated Forwarding KeyType TRUE FALSE FALSE NONE Counters pkts Tx Rx bytes Tx Rx 20 0 721 0 Time Associated LastAssoc LastDisAssoc LastAuth 0 0 0 0 if wireless G VAP 1 802 11g Channel 1 No 802 11g Channel Stations Enterp...

Страница 266: ...age rogue ap enable Enables the periodic detection of other nearby access points GC 7 114 rogue ap authenticate Enables identification of all access points GC 7 115 rogue ap duration Sets the duration that all channels are scanned GC 7 116 rogue ap interval Sets the time between each scan GC 7 116 rogue ap scan Forces an immediate scan of all radio channels GC 7 117 show rogue ap Shows the current...

Страница 267: ... command forces the unit to authenticate all access points on the network Use the no form to disable this function Syntax no rogue ap authenticate Default Setting Disabled Command Mode Interface Configuration Wireless Command Usage Enabling authentication in conjunction with a database of approved access points stored on a RADIUS server allows the access point to discover rogue APs With authentica...

Страница 268: ... A long scan duration time will detect more access points in the area but causes more disruption to client access Example Enterprise AP if wireless g rogue ap duration 200 Enterprise AP if wireless g Related Commands rogue ap interval 7 116 rogue ap interval This command sets the interval at which to scan for access points Syntax rogue ap interval minutes minutes The interval between consecutive s...

Страница 269: ...ion Wireless Command Usage While the access point scans a channel for rogue APs wireless clients will not be able to connect to the access point Therefore avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP Example Enterprise AP if wireless g rogue ap scan Enterprise AP if wireless g rogueApDetect Compl...

Страница 270: ...s section configure parameters for wireless security on the 802 11a and 802 11g interfaces Table 7 19 Wireless Security Commands Command Function Mode Page auth Defines the 802 11 authentication type allowed by the access point IC W VAP 7 122 encryption Defines whether or not WEP encryption is used to provide privacy for wireless communications IC W VAP 7 121 key Sets the keys used for WEP encrypt...

Страница 271: ... on a shared key that has been distributed to all stations wpa Clients using WPA are accepted for authentication wpa psk Clients using WPA with a Pre shared Key are accepted for authentication wpa2 Clients using WPA2 are accepted for authentication wpa2 psk Clients using WPA2 with a Pre shared Key are accepted for authentication wpa wpa2 mixed Clients using WPA or WPA2 are accepted for authenticat...

Страница 272: ...e available in the wired network If a WPA WPA2 Pre shared Key mode is selected WPA PSK WPA2 PSK or WPA WPA2 PSK mixed the key must first be generated and distributed to all wireless clients before they can successfully associate with the access point Use the wpa preshared key command to configure the key see key on page 77 122 and transmit key on page 77 123 WPA2 defines a transitional mode of ope...

Страница 273: ...this device to prevent unauthorized access to your wireless network For more secure data transmissions enable encryption with this command and set at least one static WEP key with the key command The WEP settings must be the same on each client in your wireless network Note that WEP protects data transmitted between wireless nodes but does not protect any transmissions over your wired network or o...

Страница 274: ...Command Usage To enable Wired Equivalent Privacy WEP use the auth shared key command to select the shared key authentication type use the key command to configure at least one key and use the transmit key command to assign a key to one of the VAP interfaces If WEP option is enabled all wireless clients must be configured with the same shared keys to communicate with the access point The encryption...

Страница 275: ...a signals that it sends to client devices Other keys can be used for decryption of data from clients When using IEEE 802 1X the access point uses a dynamic key to encrypt unicast and broadcast messages to 802 1X enabled clients However because the access point sends the keys during the 802 1X authentication process these keys do not have to appear in the client s key list In a mixed mode environme...

Страница 276: ...ients supported by the access point are not WPA enabled the multicast cipher algorithm must be set to WEP WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key Communicating devices must use the same WEP key to encrypt and decrypt radio signals WEP has many security flaws and is not recommended for transmitting highly sensitive dat...

Страница 277: ... command specifies how to calculate the Message Integrity Check MIC Syntax mic_mode hardware software hardware Uses hardware to calculate the MIC software Uses software to calculate the MIC Default Setting software Command Mode Interface Configuration Wireless Command Usage The Michael Integrity Check MIC is part of the Temporal Key Integrity Protocol TKIP encryption used in Wi Fi Protected Access...

Страница 278: ...d Usage To support WPA or WPA2 for client authentication use the auth command to specify the authentication type and use the wpa preshared key command to specify one static key If WPA or WPA2 is used with pre shared key mode all wireless clients must be configured with the same pre shared key to communicate with the access point s VAP interface Example Enterprise AP if wireless g VAP 0 wpa pre sha...

Страница 279: ...AP 0 wpa pre shared key ASCII agoodsecret Enterprise AP if wireless g VAP 0 pre authentication This command enables WPA2 pre authentication for fast secure roaming Syntax pre authentication enable disable enable Enables pre authentication for the VAP interface disable Disables pre authentication for the VAP interface Default Setting Disabled Command Mode Interface Configuration Wireless VAP Comman...

Страница 280: ...twork If the access point detects that the connection to the host has failed it disables the radio interfaces forcing clients to find and associate with another access point When the connection to the host is restored the access point re enables the radio interfaces Table 7 20 Link Integrity Commands Command Function Mode Page link integrity ping detect Enables link integrity detection GC 7 129 li...

Страница 281: ...number of failed responses either the host does not respond or is unreachable exceeds the limit set by the link integrity ping fail retry command the link is determined as lost Example Enterprise AP config link integrity ping detect Enterprise AP config link integrity ping host This command configures the link host name or IP address Use the no form to remove the host setting Syntax link integrity...

Страница 282: ...This command configures the number of consecutive failed Ping counts before the link is determined as lost Syntax link integrity ping fail retry counts counts The number of failed Ping counts before the link is determined as lost Range 1 10 Default Setting 6 Command Mode Global Configuration Example Enterprise AP config link integrity ping fail retry 10 Enterprise AP config link integrity ethernet...

Страница 283: ...Detect SUCCESS RADIO S ENABLED Enterprise AP config show link integrity This command displays the current link integrity configuration Command Mode Exec Example Enterprise AP show link integrity Link Integrity Information Ethernet Detect Enabled Ping Detect Enabled Target IP Name 192 168 0 140 Ping Fail Retry 6 Ping Interval 30 Enterprise AP 7 131 ...

Страница 284: ...g between different 802 11f compliant access points Use the no form to disable 802 11f signaling Syntax no iapp Default Enabled Command Mode Global Configuration Command Usage The current 802 11 standard does not specify the signaling required between access points in order to support clients roaming from one access point to another In particular this can create a problem for clients roaming betwe...

Страница 285: ... not include a VLAN tag To maintain network connectivity to the access point and wireless clients be sure that the access point is connected to a device port on a wired network that supports IEEE 802 1Q VLAN tags The VLAN commands supported by the access point are listed below Table 7 21 VLAN Commands Command Function Mode Page vlan Enables a single VLAN for all traffic GC 7 133 management vlanid ...

Страница 286: ...AN ID for the access point Syntax management vlanid vlan id vlan id Management VLAN ID Range 1 4094 Default Setting 1 Command Mode Global Configuration Command Usage The management VLAN is for managing the access point For example the access point allows traffic that is tagged with the specified VLAN to manage the access point via remote management SSH SNMP Telnet etc Example Enterprise AP config ...

Страница 287: ...prise AP if wireless g VAP 0 vlan id 3 Enterprise AP if wireless g VAP 0 WMM Commands The access point implements QoS using the Wi Fi Multimedia WMM standard Using WMM the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time WMM employs techniques that are a subset of the developing IEEE 802 11e QoS s...

Страница 288: ... if wireless a wmm required Enterprise AP if wireless a wmm acknowledge policy This command allows the acknowledgement wait time to be enabled or disabled for each Access Category AC Syntax wmm acknowledge policy ac_number ack noack ac_number Access categories Range 0 3 ack Require the sender to wait for an acknowledgement from the receiver noack Does not require the sender to wait for an acknowle...

Страница 289: ...1D priority tags as shown in Table 6 1 Range 0 3 LogCwMin Minimum log value of the contention window This is the initial upper limit of the random backoff wait time before wireless medium access can be attempted The initial wait time is a random value between zero and the LogCwMin value Specify the LogCwMin value Note that the LogCwMin value must be equal or less than the LogCwMax value Range 1 15...

Страница 290: ...Voice LogCwMin 4 4 3 2 LogCwMax 10 10 4 3 AIFS 3 7 2 2 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled BSS Parameters WMM Parameters AC0 Best Effort AC1 Background AC2 Video AC3 Voice LogCwMin 4 4 3 2 LogCwMax 6 10 4 3 AIFS 3 7 1 1 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled Command Mode Interface Configuration Wireless Example Enterprise A...

Страница 291: ... Set ESS are configured to the same SSID and authentication method 2 If the access point cannot be configured using the Telnet a web browser or SNMP software Be sure to have configured the access point with a valid IP address subnet mask and default gateway If VLANs are enabled on the access point the management station should be configured to send tagged frames with a VLAN ID that matches the acc...

Страница 292: ... parity and 9600 bps Check that the null modem serial cable conforms to the pin out connections provided on page B 3 4 If you forgot or lost the password Contact your dealer for help 5 If all other recovery measure fail and the access point is still not functioning properly take any of these steps Reset the access point s hardware using the console interface web interface or through a power reset ...

Страница 293: ...e following figure illustrates how the pins on the RJ 45 connector are numbered Be sure to hold the connectors in the same orientation when attaching the wires to the pins 8 8 1 1 10 100BASE TX Pin Assignments Use unshielded twisted pair UTP or shielded twisted pair STP cable for RJ 45 connections 100 ohm Category 3 or better cable for 10 Mbps connections or 100 ohm Category 5 or better cable for ...

Страница 294: ... pair Straight Through Wiring Because the 10 100 Mbps port on the access point uses an MDI pin configuration you must use straight through cable for network connections to hubs or switches that only have MDI X ports However if the device to which you are connecting supports auto MDIX operation you can use either straight through or crossover cable EIA TIA 568B RJ 45 Wiring Standard 10 100BASE TX S...

Страница 295: ... White Orange Stripe Orange 1 End A 2 3 4 5 6 7 8 White Green Stripe Blue White Blue Stripe Green White Brown Stripe 1 2 End B 3 4 5 6 7 8 Brown 8 Pin DIN Connector Pinout The Ethernet cable from the power injector connects to an 8 pin DIN connector on the wireless bridge This connector is described in the following figure and table 2 1 3 7 4 8 5 6 8 Pin DIN Ethernet Port Pinout Pin Signal Name 1 ...

Страница 296: ...ry 5 or better UTP or STP cable maximum length 100 m 328 ft and be sure to connect all four wire pairs Note To construct a reliable Ethernet cable always use the proper tools or ask a professional cable supplier to construct the cable White Orange Stripe 8 Pin DIN 1 Female 2 3 4 5 6 7 8 1 2 7 3 6 8 5 4 8 Pin DIN Female Front View Orange White Green Stripe Blue White Blue Stripe Green White Brown S...

Страница 297: ... 1 11 Maximum Clients 64 per VAP interface Operating Range See Antenna Specifications on page C 6 Data Rate See Antenna Specifications on page C 6 802 11a Normal Mode 6 9 12 18 24 36 48 54 Mbps per channel Turbo Mode 12 18 24 36 48 54 96 108 Mbps per channel 802 11g 6 9 11 12 18 24 36 48 54 Mbps per channel 802 11b 1 2 5 5 11 Mbps per channel Modulation Type 802 11a BPSK QPSK 16 QAM 64 QAM 802 11g...

Страница 298: ...8 VDC 1 2 A Power consumption 13 2 watts Unit Power Supply PoE input 48 VDC 0 6 A maximum Power consumption 28 watts maximum Physical Size 19 5 x 19 x 7 4 cm 7 68 x 7 48 x 2 91 in Weight 1 54 kg 3 4 lbs LED Indicators PWR Power Link Ethernet Link Activity 11a and 11g Wireless Link Activity Network Management Web browser RS232 console Telnet SSH SNMP Temperature Operating 40 to 60 C 40 to 140 F non...

Страница 299: ...15E 15 407 11a Full range Wi Fi DGT TELEC RSS210 Canada C Tick Electromagnetic Compatibility CE Class B EN55022 CE EN55024 IEC61000 3 2 IEC61000 3 3 IEC61000 4 2 IEC61000 4 3 IEC61000 4 4 IEC61000 4 5 IEC61000 4 6 IEC61000 4 8 IEC61000 4 11 FCC Class B Part 15 VCCI Class B ICES 003 Canada Standards IEEE 802 3 10BASE T IEEE 802 3u 100BASE TX IEEE 802 11a b g C 3 ...

Страница 300: ... QPSK 12 Mbps 88 87 87 87 QPSK 18 Mbps 85 85 85 84 16 QAM 24 Mbps 81 81 83 80 16 QAM 36 Mbps 78 78 79 77 64 QAM 48 Mbps 73 73 74 71 64QAM 54 Mbps 71 71 72 67 Table C 2 Sensitivity 802 11g Data Rate Sensitivity dBm 6 Mbps 91 9 Mbps 90 12 Mbps 89 17 Mbps 88 24 Mbps 84 36 Mbps 80 48 Mbps 75 54 Mbps 73 Table C 3 Sensitivity 802 11b Data Rate Sensitivity dBm 1 Mbps 96 2 Mbps 93 5 5 Mbps 93 11 Mbps 90 C...

Страница 301: ...17 48 Mbps 17 5 17 17 16 5 54 Mbps 17 5 17 16 5 15 Table C 5 Transmit Power 802 11g IEEE 802 11g Maximum Output Power GHz dBm Data Rate 2 412 2 417 2 467 2 472 6 Mbps 20 20 20 9 Mbps 20 20 20 12 Mbps 20 20 20 18 Mbps 20 20 20 24 Mbps 20 20 20 36 Mbps 19 19 18 5 48 Mbps 19 19 18 5 54 Mbps 18 18 18 Table C 6 Transmit Power 802 11b IEEE 802 11b Maximum Output Power GHz dBm Data Rate 2 412 2 417 2 467...

Страница 302: ...n Linear vertical horizontal HPBW Horizontal 15 Vertical 15 Front to Back Ratio 26 dB Power Handling 50 W cw Impedance 50 Ohms Connector N female Radome Material Powder coated iron Color White Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 3 6 x 3 6 x 0 16 cm diameter 1 4 x 1 4 x 0 062 in Weight 1600g 3 52 lbs C 6 ...

Страница 303: ...BW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N type female Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 52 x 1 9 cm diameter 20 47 x 0 75 in Weight 340 g 0 75 lbs Antenna Specifications C C 7 ...

Страница 304: ...ion Linear vertical HPBW Linear 120 Vertical 15 Downtilt 0 Power Handling 5 W cw Impedance 50 Ohms Connector N Jack Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 75 x 8 8 x 7 cm 29 5 x 3 46 x 2 75 in Weight 670 g 1 47 lbs C 8 ...

Страница 305: ...tical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 51 x 2 1 cm 20 x 0 83 in Weight 170 g 0 37 lbs Antenna Specifications C C 9 ...

Страница 306: ...zation Linear vertical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 2 2 x 3 25 cm 0 866 x 1 279 in Weight 110 g 0 242 lbs C 10 ...

Страница 307: ...ertical HPBW Horizontal 120 Vertical 6 Downtilt 0 Power Handling 5 W cw Impedance 50 Ohms Connector N type female Radome Material ABS Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 25 C Mechanical Dimensions 62 x 8 8 x 7 cm 24 41 x 3 46 x 2 76 in Weight 555 g 1 223 lbs Antenna Specifications C C 11 ...

Страница 308: ...r vertical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N type female Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 7 7 x 8 x 3 73 cm diameter 3 07 x 3 149 x 1 47 in Weight 227g 0 5 lbs C 12 ...

Страница 309: ... Vertical 9 Front to Back Ratio 30 dB Cross Polarization 25 dB Power Handling 20 W cw Impedance 50 Ohms Connector N type female Radome Material ABS UV resistant Color White Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 25 C Mechanical Dimensions 32 x 32 x 1 8 cm 12 95 x 14 17 x 0 7 in Weight 1200 g 2 65 lbs Antenna Specifications C C 13 ...

Страница 310: ...zation Linear vertical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 2 2 x 3 25 cm 0 866 x 1 279 in Weight 110 g 0 242 lbs C 14 ...

Страница 311: ... HPBW Horizontal 360 Vertical 12 Downtilt 0 Power Handling 5W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 8 x 7 8 x 3 73 cm 3 15 x 3 X 1 49in Weight 227g 0 5 lbs Antenna Specifications C C 15 ...

Страница 312: ...C Specifications C 16 ...

Страница 313: ...erät anhand folgender Schritte mit der Montagehalterung an einen Stahlmast oder eine Stahlröhre mit einem Durchmesser von 1 5 bis 2 Zoll 1 Befestigen Sie die Halterung immer so an einen Mast dass das offene Ende der Montagerillen nach oben weist 2 Legen Sie den V förmigen Teil der Halterung um den Mast und ziehen Sie die Befestigungsmuttern gerade so fest an dass sie die Halterung am Mast festhalt...

Страница 314: ...n Sie die Ränder der V förmigen Halterung in die Aussparungen in der rechteckigen Platte und ziehen Sie die Muttern fest an Schlitze 4 Befestigen Sie die verstellbare rechteckige Platte mit den beigefügten Schrauben an der Bridge D 2 ...

Страница 315: ...lben Polarisierung montiert werden Verwenden der Halterung fü r Wandmontage Montieren Sie das Gerät anhand folgender Schritte mit der Halterung für Wandmontage an eine Wand Achtung Die Halterung für Wandmontage ist nicht dafür vorgesehen dass die integrierte Antenne der drahtlosen Bridge ausgerichtet werden kann Sie ist für die Geräteverwendung mit einer externen Antenne gedacht 1 Befestigen Sie d...

Страница 316: ... die Positionen der drei Löcher für die Montageschrauben 3 Bohren Sie drei Löcher in die Wand passend zu den Schrauben und den Dübeln die der Halterung beigelegt sind und befestigen Sie die Halterung an der Wand 4 Befestigen Sie die drahtlose Bridge mit den beigefügten Muttern an der Halterung D 4 ...

Страница 317: ...n Bridge Link eine 5 0 GHz Antenne und ein Zugriffspunkt eine 2 4 GHz Antenne WA6202A AM Geräte die als verwaltete Zugriffspunkte fungieren benötigen auch eine externe Antenne für 2 4 GHz Betrieb Führen Sie folgende Schritte aus 1 Montieren Sie die externe Antenne innerhalb eines Abstands von 3 m 10 Fuß mit der Halterung die der Antenne mitgeliefert ist an derselben Stützstruktur wie die Bridge 2 ...

Страница 318: ...egen Regen oder Feuchtigkeit den Ethernet Anschluss mit wasserdichtem Klebeband nicht mitgeliefert 3 Achten Sie darauf das Gerät mit einer passenden Erdungsleitung nicht mitgeliefert zu erden indem Sie die Leitung an der Erdungsschraube am Gerät anbringen Achtung Vergewissern Sie sich dass ein Schutzleiter verfügbar ist und dass er den örtlichen und staatlichen Vorschriften für elektrische Anlagen...

Страница 319: ...er IEEE 802 3af PoE verfügt Schließen Sie das Gerät immer an das mitgelieferte Injector Modul für Stromversorgung an 1 Verbinden Sie das Ethernet Kabel von der drahtlosen Bridge mit dem RJ 45 Anschluss am Injector Modul der mit Output Ausgang gekennzeichnet ist 2 Verbinden Sie ein durchgehendes nicht abgeschirmtes UTP Kabel von einem lokalen LAN Switch mit dem RJ 45 Anschluss am Injector Modul der...

Страница 320: ...en Sie das andere Ende der Netzleitung mit einer geerdeten 3 poligen Netzstromquelle Hinweis Bei internationaler Verwendung müssen Sie eventuell die Netzleitung austauschen Sie müssen eine Netzleitung verwenden die für den Steckdosentyp in Ihrem Land geprüft und abgenommen ist 3 Prüfen Sie die LED oben auf dem Injector Modul um sich zu vergewissern dass die drahtlose Bridge über die Ethernet Verbi...

Страница 321: ...ithm that implements symmetric key cryptography AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP Authentication The process to verify the identity of a client requesting network access IEEE 802 11 specifies two forms of authentication open system and shared key Backbone The core infrastructure of a network The portion of the network that transpor...

Страница 322: ...S More than one wireless cell can be configured with the same Service Set Identifier to allow mobile users can roam between different cells with the Extended Service Set Extensible Authentication Protocol EAP An authentication protocol used to authenticate network clients EAP is combined with IEEE 802 1X port authentication and a RADIUS authentication server to provide mutual authentication betwee...

Страница 323: ...ess signaling required to ensure the successful handover of wireless clients roaming between different 802 11f compliant access points Local Area Network LAN A group of interconnected computer and support devices MAC Address The physical layer address used to uniquely identify network nodes Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time server...

Страница 324: ...abled Service Set Identifier SSID An identifier that is attached to packets sent over the wireless LAN and functions as a password for joining a particular radio cell i e Basic Service Set BSS Session Key Session keys are unique to each client and are used to authenticate a client connection and correlate traffic passing between a specific client and the access point Shared Key A shared key can be...

Страница 325: ...rum Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same LAN Wi Fi Protected Access WPA employs 802 1X as its basic framework for user...

Страница 326: ...Glossary Glossary 6 ...

Страница 327: ...1 configuration settings saving or restoring 6 31 7 56 configuration initial setup 5 1 console port required settings 5 1 country code configuring 5 3 7 12 crossover cable B 3 CSMA CA 1 1 CTS 6 63 7 105 D data rate options C 1 device status displaying 6 90 7 23 DHCP 6 5 7 89 7 90 DNS 6 6 7 89 Domain Name Server See DNS downloading software 6 29 7 56 DTIM 6 62 7 103 Dynamic Host Configuration Proto...

Страница 328: ... M MAC address authentication 6 13 7 69 7 70 maximum associated clients 6 60 maximum data rate 7 97 802 11a interface 7 97 802 11g interface 7 97 MDI RJ 45 pin configuration 1 6 N network topologies infrastructure 2 2 infrastructure for roaming 2 3 O OFDM 1 1 open system 6 73 7 108 operating frequency C 2 P package checklist 1 2 password configuring 6 28 6 29 6 31 7 15 management 6 28 6 29 6 31 7 ...

Страница 329: ...us 6 93 7 113 status displaying device status 6 90 7 23 displaying station status 6 93 7 113 straight through cable B 2 system clock setting 6 35 7 35 system log enabling 6 33 7 29 server 6 33 7 29 system software downloading from server 6 29 7 56 T Telnet for managenet access 7 1 Temporal Key Integrity Protocol See TKIP time zone 6 36 7 36 TKIP 6 83 transmit power configuring 6 60 7 98 trap desti...

Страница 330: ...Index Index 4 ...

Страница 331: ......

Страница 332: ...Model Number WA6202A WA6202AM Pub Number 149100034900E E112006 DT R01 ...

Отзывы:

Нет отзывов

Похожие инструкции для WA6202A

VT Miltope nMAP2 Quick Start Manual preview
nMAP2
Бренд: VT Miltope Страницы: 32
Fortinet FortiAP 112D Quick Start Manual preview
FortiAP 112D
Бренд: Fortinet Страницы: 11
Amped Wireless HIGHPOWER AC1200 User Manual preview
HIGHPOWER AC1200
Бренд: Amped Wireless Страницы: 106
Calix E3-48C Application Manual preview
E3-48C
Бренд: Calix Страницы: 225
TERABEAM AP-Ext-N User Manual preview
AP-Ext-N
Бренд: TERABEAM Страницы: 10
Edimax BR-6288ACL Quick Installation Manual preview
BR-6288ACL
Бренд: Edimax Страницы: 16
Ebyte E22-400M30S User Manual preview
E22-400M30S
Бренд: Ebyte Страницы: 13
2N LiftGate User Manual preview
LiftGate
Бренд: 2N Страницы: 82
Linksys easyHOTSPOT WRT54GL Installation Manual preview
easyHOTSPOT WRT54GL
Бренд: Linksys Страницы: 17
PoeWit WAP-1 Quick Start Manual preview
WAP-1
Бренд: PoeWit Страницы: 5
Minitar MNWAPGR User Manual preview
MNWAPGR
Бренд: Minitar Страницы: 77
Air Live AirMax2 Quick Setup Manual preview
AirMax2
Бренд: Air Live Страницы: 2
Air Live WH-5420CPE Quick Setup Manual preview
WH-5420CPE
Бренд: Air Live Страницы: 103
Air Live Air Live WL-5470AP Quick Setup Manual preview
Air Live WL-5470AP
Бренд: Air Live Страницы: 135
Dynalink RTA 1046VW ADSL1 Setup Manual preview
RTA 1046VW ADSL1
Бренд: Dynalink Страницы: 5
Dynalink Wireless LAN Client PCMCIA WLC030 Quick Setup Manual preview
Wireless LAN Client PCMCIA WLC030
Бренд: Dynalink Страницы: 10
Orbitel OBT-58108 User Manual preview
OBT-58108
Бренд: Orbitel Страницы: 27
Cambium Networks XE3-4 Hardware Installation Manual preview
XE3-4
Бренд: Cambium Networks Страницы: 52

Бренды по названию

Популярные бренды

Загрузить еще бренды